Hackers leak 260,000 accounts from Pakistani music streaming site Patari

Hackread.com informed Patari of the data breach almost a week ago yet we did not receive any response whatsoever.
Patari or Patari.pk, a Pakistani music streaming site has suffered a data breach in which its database containing personal data and login credentials of over 257,000 registered users has been leaked on English and Russian language hacker forums.

The exact date of the data breach remains unknown however the database was dumped online on June 13th, 2021.

It is worth noting that Patari claims to be the home to “the largest music streaming service in Pakistan.”

Hackers leak 260,000 accounts from Pakistani music streaming site Patari
Two hacker forums where the database was initially dumped (Image: Hackread.com)

According to Hackread.com’s analysis, the database contains the following records:

Full names/Usernames
Email addresses
Password hashes (unsalted md5)
Playlists
Avatar links



Example:
Hackers leak 260,000 accounts from Pakistani music streaming site Patari
Patari data after extraction (Image: Hackread.com)

No response from Patari
As for how the data breach took place; according to the hackers, they caught Patari exposing its database backup on a misconfigured MongoDB database sometime in May 2021.

The company was then informed about the misconfiguration however, it did not respond to their emails which prompted the hackers to dump the database online.




Hackead.com also alerted Patari of the data breach via Twitter and email a week ago. However, we did not receive any response whatsoever.


Patari users you are on your own
If you have registered an account on Patari, it is advised to change its password without further ado. You should also change the password for your email and password on any other site in case you are using a similar password.

Now that your login credentials are public, hackers will attempt to sign in to your Patari account. You may also receive phishing emails from hackers therefore you need to be vigilant by not clicking on links sent by anonymous senders.

You can also use VirusTotal to scan malicious files and links. Last but not the least, contact Patari and inquire about the data breach.