ShellCodeX Breach Report
Raaga Data Breach
raaga.com
Verified breach
Passwords exposed
Accounts exposed
10,225,145
Breach date
15 Dec 2025
Added to tracker
19 Jan 2026
Data classes
7
What happened
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes.
Exposed data
Ages
Dates of birth
Email addresses
Genders
Geographic locations
Names
Passwords
Recommended actions
- Change your Raaga password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Raaga — attackers weaponise breach data quickly.
- Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP