Raaga Data Breach Exposes Millions Of User Records

(MENAFN- The Arabian Post)

Raaga, a Chennai-based music streaming platform with a large global audience, has confirmed a significant data breach that led to the exposure of personal information linked to more than 10.2 million user accounts, triggering renewed scrutiny of data protection practices across consumer digital platforms.

The company acknowledged that a database containing user details was unlawfully accessed and later advertised for sale on an underground hacking forum during December 2025. Cybersecurity researchers who reviewed samples of the leaked data said the information appeared consistent with genuine Raaga user records, prompting the platform to begin an internal investigation and notify affected users.

According to details shared by the company and security analysts familiar with the incident, the compromised dataset includes names, email addresses, usernames, hashed passwords, dates of account creation and, in some cases, partial location data. While there is no indication that payment card information or bank details were stored in the affected database, experts warn that even limited personal data can be sufficient for phishing attacks, credential-stuffing attempts and identity-related fraud.

Raaga said the breach stemmed from unauthorised access to a legacy database that was no longer actively used for core operations but had not been fully decommissioned. The company stated that access points linked to the exposed system have been secured, passwords have been reset for impacted accounts and additional monitoring measures have been put in place. Users were advised to change passwords on other services where similar credentials may have been reused.

The platform, which has operated for more than two decades and is known for its extensive catalogue of South Asian music, said it is cooperating with cybersecurity specialists to determine how the intrusion occurred and whether any additional data stores were affected. It also indicated that law-enforcement authorities had been informed, in line with applicable legal obligations.

See also Schaeffler targets humanoid robotics supply gap

Independent security professionals noted that the incident reflects a broader pattern of attacks on consumer-facing digital services, particularly those with large historical user bases. Older databases, test environments and backup systems are increasingly targeted because they are often overlooked during routine security audits. Once accessed, such systems can yield large volumes of data that are attractive to cybercriminals seeking to monetise stolen information on illicit marketplaces.

Industry analysts point out that music and video streaming platforms collect extensive behavioural and personal data over long periods, making them appealing targets even when they do not directly process financial transactions. Email addresses and login credentials obtained from one service are frequently tested against other platforms, increasing the potential downstream impact of a single breach.

The Raaga incident has also drawn attention to regulatory expectations around data retention and security safeguards. While India's Digital Personal Data Protection Act establishes obligations for organisations to protect user data and report breaches, enforcement practices are still evolving. Legal experts say companies operating large consumer platforms are expected to demonstrate not only prompt disclosure but also evidence of reasonable security practices, including the proper retirement of obsolete systems.

User advocacy groups have called for greater transparency on the scope of the breach and the timeline of events, arguing that delayed disclosure can heighten risks for affected individuals. They have urged users to remain vigilant for suspicious emails or messages that may attempt to exploit information from the leaked database.

Raaga's disclosure comes amid a series of high-profile data exposures involving technology firms, retailers and online service providers worldwide, underscoring the persistent challenge of safeguarding personal information at scale. Cybersecurity firms report that underground forums increasingly function as marketplaces where stolen datasets are traded, sometimes bundled with tools designed to exploit them.

See also Careto hackers reappear with advanced cyber tools

Notice an issue? Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

MENAFN20012026000152002308ID1110627917