Over 18 Lakh Adda.io Users’ Data Exposed in Major Data Breach Report

[johny899]

According to a recent report, online user data from over 1.86 million accounts associated with Adda.io has been compromised. This is particularly alarming since the majority of users accessed the service to help manage their Housing Society.

So, What exactly is Adda.io?​

Adda.io is a very popular app that provides management services for housing communities. Some services provided by Adda.io include;

• Monthly Bills
• Visitor Listings
• Community Notifications
• Facility Reservations

Adda.io is used by over 3,500 housing communities throughout a wide variety of locations in both India and abroad.

Details regarding the breach​

On November 23, 2025, a hacker known as "Blinkers" uploaded a significant amount of data to an online forum. This data is purportedly tied to Adda.io.

The compressed data is expected to be 145 MB when decompressed, indicating that it contains a large number of individual user records.

Contents of the compromised records​

The hacker has listed some of the records that were disclosed to the public and has indicated that they contained sensitive information, namely:

• Owner id
• First and last name
• Phone number
• Email address
• Password (stored using a weak md5 hash)

Due to the method used for password encryption (md5), it is likely that hackers will attempt to access user accounts by cracking the passwords. If hackers have access to the first name and phone number, they may also engage in phishing schemes that use fake emails or messages to deceive the public.

When did the breach occur?

The hacker claims that the breach occurred back in March 2025; however, they just recently leaked the data. This indicates that the compromised data has likely been circulating undetected for many months prior to being leaked.

What comes from All the seriousness about this?​

If you use Adda.io to manage your apartment or housing society, there is now potential exposure regarding your personal information as well. Potential fallout from this situation could include:

• Phishing via false phone calls and SMS messages
• Spam messages
• Hacked passwords between multiple sites

India's new DPDP (Data Protection and Digital Privacy) Rules of 2025 require companies to protect their users' information. If they find any violation of these laws by Adda.io, then Adda.io will be liable for prosecution.

Actions to be taken immediately​

Users of Adda.io must:

• Change their passwords as soon as possible
• Do not utilise your existing password on any other sites
• Use caution when receiving possibly suspicious or unsolicited phone calls, text messages or email communications
• Reach out to your managing society or Adda.io support for further instructions

Conclusion​

The breach of Adda.io has raised awareness about how many types of personal data that daily use mobile apps maintain on behalf of its users.

In addition to containing personal data, housing society applications store sensitive information that requires maximum protection against breaches of any sort.