Last updated 1 week ago
In December 2025, data allegedly breached from the Indian streaming music service Raaga was posted for sale on a popular hacking forum. The breach exposed over 10.2 million unique email addresses along with personal information including names, genders, ages (with some full dates of birth), postcodes, and passwords stored as unsalted MD5 hashes. The incident represents a significant data exposure for the music streaming platform's user base, with the weak password storage method (unsalted MD5) being particularly concerning from a security perspective.
Data allegedly breached and posted for sale on a hacking forum
The breach highlights critical failures in password security practices. The use of unsalted MD5 hashes for password storage represents outdated and insecure cryptography that is easily cracked with modern computing power. Recommendations include implementing modern password hashing algorithms (such as bcrypt, scrypt, or Argon2), adding proper salting to password storage, conducting regular security audits of authentication systems, and implementing multi-factor authentication to provide additional protection even if passwords are compromised.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector