A hacker has claimed to be circulating an expansive database regarding lakhs of customers of Adda, the neighborhood and housing society administration platform utilized by a number of flats, villas, and gated impartial homes in India in addition to different international locations.
Utilizing the alias ‘Blinkers’, the hacker uploaded the private particulars of over 1.86 million (18.6 lakh) Adda customers to a preferred hacking discussion board on late Sunday night time, November 23, in keeping with a report by knowledge breach monitoring web sites Leakd and HaveIBeenPwned.
The trove of non-public knowledge is 145 MB in dimension, when uncompressed, and has reportedly been circulated amongst “underground cybercrime communities”. The purportedly stolen knowledge contains proprietor IDs in addition to customers’ first and final names, telephone numbers, e mail addresses, and passwords (hashed with redundant MD5 hashing algorithm), as per the report.
The hacker claimed that the info breach was carried out in March 2025. The potential publicity of personally identifiable data on this method might pose a number of dangers to customers. For example, risk actors might leverage names and telephone numbers to provoke phishing assaults. The consumer credentials that floor from one knowledge breach is also utilized by risk actors to aim to log into consumer accounts on different platforms. Such a cyber assault is named credential stuffing.
The Indian Express has reached out to Adda for a affirmation of the alleged breach and can replace this report as soon as a response is obtained.
The allegedly stolen Adda consumer knowledge has surfaced days after the Digital Private Knowledge Safety (DPDP) Guidelines, 2025, had been notified by the Ministry of Electronics and Info Expertise (MeitY), paving the best way for India to have a useful knowledge safety regulation.
Whereas sure provisions of the regulation such because the Proper to Info (RTI) Act modification and institution of the Knowledge Safety Board (DPB) of India are at present in pressure, different sections pertaining to safeguarding residents are but to come back into impact.
Story continues under this advert
For example, the requirement for entities to hunt knowledgeable consent from customers earlier than processing their private knowledge, utilizing their private knowledge just for specified official makes use of, and for entities to inform knowledge breaches to customers, will all solely be operationalised after 18 months.
Although, the compliance timeline could differ for large tech firms and start-ups.
A consumer’s telephone quantity and e mail handle is classed as ‘private knowledge’ below the DPDP Act, 2023, which defines ‘private knowledge breach’ as “any unauthorised processing of non-public knowledge or unintended disclosure, acquisition, sharing, use, alteration, destruction or lack of entry to private knowledge, that compromises the confidentiality, integrity or availability of non-public knowledge.”
What’s ADDA.io?
Adda.io is a digital platform utilized by residential communities equivalent to flats, villas, and gated societies to handle every day operations equivalent to customer administration, billing and assortment of society dues, sharing neighborhood notices, facility reserving, property and stock administration, and so on.
Story continues under this advert
The Bengaluru-headquartered firm was based in 2009 by CEO San Banerjee together with CTO Venkat Kandaswamy and Aashika Sripathi. Previously House Adda, the platform was rebranded to Adda.io in 2019 with a deal with constructing a personal social community at its core. 3Five8 Applied sciences, the father or mother firm of Adda.io, has a number of choices equivalent to an accounting product known as Adda Books and Adda Gatekeeper, its gate administration answer.
The corporate has purchasers in over 10 international locations, together with India, the US, the Center East, and Singapore. Its whole shopper base in India exceeds 3,500 Communities with properties of a number of main builders like DLF, Rustomjee, Status, Sobha, Oberoi, Seawoods Estates, and Brigade utilizing the corporate’s society administration software program, as per a 2024 PTI report.
Why do gate administration apps increase issues?
Through the COVID-19 pandemic, society and neighborhood administration functions equivalent to MyGate, Adda GateKeeper, and NoBrokerhood surged in recognition amongst gated communities in India, notably in metro cities like Delhi and Bengaluru. Although, adoption additionally shortly expanded to cowl smaller cities equivalent to Kochi, Nagpur and Jaipur.
These apps are primarily used to log who enters and exits condo buildings and different gated colonies. Residents are required to register on the client-side of the applying whereas safety guards get the supervisor aspect of the app. These days, gate administration apps are additionally used to listing service suppliers like grocery sellers and cleansing . A few of them are recognized to report biometric knowledge of home staff whereas others provide built-in chat options for members of the residential communities.
Story continues under this advert
Nevertheless, privateness consultants and digital rights advocates have raised issues of surveillance and knowledge misuse up to now. Whereas these apps “could appear fairly fascinating and handy, a number of urgent points come up together with issues of office and peer surveillance together with potential operate creep for the residents and guests alike, of the society,” the Web Freedom Basis (IFF) mentioned in a 2021 weblog submit.
“Functions equivalent to MyGate and Adda categorically declare to be compliant with the GDPR [European Union’s General Data Protection Regulation] and the ISO 27001 safety requirements and have additionally said that they use sturdy encryption whereas additionally having objective limitations and knowledge minimisation built-in. Nevertheless, typically the problem that emerges from utilizing these functions is not only that of knowledge loss or breach, however fairly of office and peer surveillance,” the Delhi-based non-profit added.