ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

PropTiger Data Breach

proptiger.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 2,156,921
Breach date 30 Jan 2018
Added to tracker 24 Mar 2020
Data classes 7

What happened

In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.

Exposed data

Dates of birth Device information Email addresses Genders IP addresses Names Passwords

Recommended actions

  • Change your PropTiger password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing PropTiger — attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP