Security Warning – Why Never Share / Use your E-Mail Passwords Elsewhere ? MyMakan Shutsdown Exposes + Entire User Database

This Article has been in the Draft for quite sometime because the Webmasters of MyMakaan.com took long time to take the mortal remains of their website offline. Thought I’ll push it out. Their used to be a site MyMakaan.com operating in the Real Estate Classifieds category. The Site was very poorly Developed & Deployed, I should say. Searching for something made me land here and I was able to download most of the source code as well as Database of Users thrown wide open on the Internet. Too Bad!!!

  • Mortal Remains of Perl Code of MyMakaan is here.
  • Here is a sample list of Users and their Passwords [ I hope I am not doing any blunder here to be able to identify the user as Google once did exposing AOL Queries]
  • Number of Users who had “mymakaan” as their password is 4938 of which around 100 were company account with @mymakaan.com e-mail ids, so excluding them, it works out that a whopping 16% of the users had the name of the website as their password.
  • Developers have stored users Passwords as Plain text. LOL
  • Number of Hotmail Accounts = 5272
    Number of Gmail Accounts = 1534
    Number of Yahoo Accounts = 8825
    Number of Rediff Accounts = 3637
    Number of Indiatimes Accounts = 2182
    Other / Company e-mails like @vodafone.com, @ relianceada.com were also found in the Database

Finally, here is a security warning as I accessed one of the Gmail accounts had the same password as it was on Mymakaan users database 🙁 So if you had Registered on Mymakaan.com, then you must secure your accounts. Indian companies have a long way to go with respect to Security.

1 Comment

  1. interesting purchase and when you have countless websites I’d be definitley interested. tell me what you think when this gig is completed and that we may definitley work out something

Comments are closed.