Raaga Data Breach Exposes 10.2 Million User Records

In December 2025, Indian music streaming platform Raaga experienced a significant data breach, compromising the personal information of 10.2 million users.

The stolen database was subsequently offered for sale on a prominent underground hacking forum, raising serious concerns about user privacy and platform security.

According to HIBP, the breach was detected when threat actors posted the alleged Raaga database on a cybercrime marketplace. The compromised dataset contains approximately 10 million unique email addresses alongside extensive personal information.

Attackers are actively marketing this stolen data to potential buyers on dark web forums, increasing the risk of secondary attacks against affected users.

The breach timeline indicates the data was exfiltrated sometime in December 2025, though the exact date of the initial compromise remains unclear.

Raaga has not publicly disclosed when they discovered the security incident or whether affected users received breach notifications.

Compromised Information

The exposed database includes sensitive personal details that could facilitate identity theft and targeted phishing campaigns. Affected users had the following information compromised:

• Full names and email addresses
• Gender information
• Age data and partial dates of birth
• Geographic location data, including postal codes
• Account passwords stored as unsalted MD5 hashes

The most critical security vulnerability lies in Raaga’s password storage methodology. The platform used unsalted MD5 hashing, an outdated and cryptographically weak algorithm that security experts abandoned years ago.

Modern password cracking tools can rapidly reverse MD5 hashes, allowing attackers to obtain plaintext passwords within hours or days.

Individuals who reuse passwords across multiple platforms face an elevated risk of credential stuffing attacks.

Affected Raaga users should immediately change their account passwords and enable two-factor authentication if available. Anyone using similar passwords on other services should update those credentials as well.

Users should remain vigilant against phishing emails that leverage stolen personal information and monitor their financial accounts for suspicious activity.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.