Cyber Incident Victim: PropTiger
Date:
Jan 2018
Location:
India
Summary
A major security breach at PropTiger compromised private data of over 2 million users, later shared on a hacking forum. The exposed information included customer email addresses, login histories, IP addresses, MD5-hashed passwords, names, and dates of birth. This incident resulted in widespread unauthorized disclosure of sensitive personal records and authentication details from the Indian property platform.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In 2018, the Indian real estate platform PropTiger experienced a significant data breach that compromised sensitive information belonging to over two million users. The incident remained undisclosed until March 2020, when cybersecurity researchers identified the stolen dataset circulating on a hacking forum. Analysis confirmed the breach exposed comprehensive user records spanning multiple categories, including personally identifiable information and authentication credentials. The leaked information contained more than two million unique email addresses alongside associated account details such as full names and dates of birth. Security investigators also confirmed the exposure of user login histories containing IP addresses that could reveal geographic locations and usage patterns. The compromised credentials included passwords stored as MD5 hashes, an outdated cryptographic hashing algorithm known for vulnerabilities to brute-force attacks. The breach's discovery coincided with an alert issued by the Have I Been Pwned notification service, which tracks data exposures across global platforms. No evidence indicated public disclosure of the breach prior to the 2020 forum leak, suggesting a two-year gap between initial compromise and external detection. The scale of affected users represented a substantial portion of PropTiger's customer base at the time of the incident.
The exposed dataset created multiple risks for impacted individuals, including potential identity theft, phishing campaigns, and credential-stuffing attacks across other platforms where users might have reused passwords. Personal identifiers like dates of birth could facilitate financial fraud or social engineering attempts when combined with other leaked details. Security experts emphasized that MD5-hashed passwords provided inadequate protection given the algorithm's known weaknesses and the computational power available to modern attackers. The inclusion of IP addresses in login histories raised additional privacy concerns by potentially revealing users' geographic movements and internet activity patterns. While the breach's exact intrusion vector remained unspecified in available reports, the presence of both user credentials and system logs suggested broad access to backend databases. Publicly available sources did not document PropTiger's specific containment measures, remediation efforts, or customer notifications following either the 2018 breach or its 2020 disclosure. The incident's discovery through third-party monitoring rather than corporate disclosure highlighted challenges in breach detection timelines within the real estate technology sector.