Skip to content

Cricadda data breach exposes user information of 111,000 users

  • by
  • 2 min read

A hacker named Blinkers claims to have breached Cricadda, a platform associated with online gaming and betting in India and other countries. The threat actor behind the post claims to possess a database containing 2.5 million rows of information, which allegedly affected approximately 111,000 users.

This isn’t the first time that Cricadda has suffered a data breach. About six months ago, in August 2024, hackers allegedly accessed Cricadda’s servers and obtained user IDs, profile images, passwords, user types, contact information, and IP addresses, among other things.

The current breach should also contain similar data sets affecting more than 100,000 users. This information could lead to other attacks, including phishing, identity theft, and malicious campaigns.

Users are advised to change their passwords, enable two-factor authentication (2FA), and continuously monitor emails for phishing links. They are also advised not to engage in any suspicious links that users get on their email addresses or phone numbers.

The hackers have recently targeted several Indian firms. For instance, the RansomHub threat actor claimed to target the BC Jindal Group, stealing more than 140 GBV of sensitive data.

Last month, FunkSec ransomware group targeted the Wissenhive edtech platform, acquiring more than 32,000 records. Similarly, platforms such as Physics Wallah (PW), QuizTarget, and SkilloVilla were also hacked.

Major data breaches also affected government websites, such as those of the Madhya Pradesh State Child Protection Authority and the Jammu and Kashmir Rural Livelihoods Mission.

Similarly, critical infrastructure such as telecommunications, hospitals, fintech and banking firms are the prime targets of hackers. Indus Towers, one of India’s major telecommunication infrastructure companies, was breached.

In December last year, fintech firm Signzy confirmed that its servers were breached. Other Indian companies and institutions that were recently breached include C-Edge Technologies (which supports cooperative and small banks), insurance provider firm Let’s Secure, Raymond, and Bethany Hospital.

The same hacker also claimed to have breached FlyTrendy exposing the sensitive data of 2.4 million records including emails, numbers, addresses, date of birth, and social media profiles.

In the News: Hacker drains $49.5M from Infini stablecoin bank

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

Photo: camilo concha/shutterstock. Com

OpenAI Operator can perform phishing attacks autonomously

This is an image of fraud scam featured

Pune consultancy firm falls victim to Rs 1.9 crore whale phishing scam

Illustration: supimol kumying | shutterstock

Pennsylvania teachers’ union website hacked, over 500,000 people affected

This is an image of online gambling cards

Over 25 celebs booked in India for promoting betting apps

This is an image of github featured 1398

Popular GitHub repo targeted in supply chain attack; over 23000 projects affected

This is an image of cloudflare featured office san fran 1

Cloudflare announces post-quantum encryption for business users

>