ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Raaga Data Breach

raaga.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 10,225,145
Breach date 15 Dec 2025
Added to tracker 19 Jan 2026
Data classes 7

What happened

In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes.

Exposed data

Ages Dates of birth Email addresses Genders Geographic locations Names Passwords

Recommended actions

  • Change your Raaga password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Raaga — attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP