A hacker has claimed to be circulating an expansive database relating to lakhs of users of Adda, the community and housing society management platform. The platform is reportedly used by several apartments, villas, and gated independent houses in India as well as other countries.
Using the alias ‘Blinkers’, the hacker uploaded the personal details of over 1.86 million (18.6 lakh) Adda users to a popular hacking forum on late Sunday night, November 23, according to a report by data breach monitoring websites Leakd and HaveIBeenPwned.
The breached personal data is 145 MB in size, when uncompressed, and has reportedly been circulated among “underground cybercrime communities”. The stolen data reportedly includes owner IDs as well as users’ first and last names, phone numbers, email addresses, and passwords (hashed with redundant MD5 hashing algorithm), as per the report.
The hacker claimed that the data breach was carried out in March 2025. The potential exposure of personally identifiable information in this manner could pose several risks to users. For instance, threat actors could leverage names and phone numbers to initiate phishing attacks. The user credentials that surface from one data breach could also be used by threat actors to attempt to log into user accounts on other platforms. This type of cyber attack is known as credential stuffing.
The allegedly stolen Adda user data has surfaced days after the Digital Personal Data Protection (DPDP) Rules, 2025, were notified by the Ministry of Electronics and Information Technology (MeitY), paving the way for India to have a functional data protection law.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
