Ethical hacker warns of “Squadads” scam — urges immediate reporting before mass data theft on 16 October 2025

Bongaigaon Times / Special Report — 15 October 2025

An individual identifying himself as ethical hacker Amit Dutta from Bongaigaon, Assam has come forward claiming to have infiltrated a website and app named “Squadads”, and says the platform is a coordinated scam that harvests users’ bank details, email addresses and phone numbers under the guise of paying users for simple tasks.

According to Dutta, the service lures victims with promises of ₹250 per ad viewed and ₹600 per referral, but instead collects sensitive information that is later used for fraud. Dutta says he discovered that the platform set a withdrawal window for 16 October 2025, and warned that many users — believing they will receive payments — will submit their bank details and other private data on that date.

Dutta added that he can share list of users who were trapped, with personally identifying elements obscured, to help authorities and journalists understand the scale of the fraud — but emphasized privacy protections when sharing such data.

What the claim means for users

If the claims are accurate, users who register for Squadads and enter bank account numbers, UPI details, or other credentials risk having those data used for unauthorized withdrawals, identity theft, SIM-based fraud, or phishing campaigns. The scheduled withdrawal window increases the urgency: a large number of people submitting details at once would create many fresh victims for fraud operators.

What to do now (do not share stolen personal data publicly)

Security experts and consumer-protection advocates recommend the following immediate steps for anyone who suspects they were targeted or who receives messages encouraging them to use Squadads:

1. Do not submit bank/UPI/OTP details to the site or app. Legitimate services never ask for one-time passwords (OTPs) to be shared.

2. Preserve evidence — screenshots of the site/app, messages, dates/times — but do not publish others’ personal data publicly. Sharing unredacted stolen data may violate privacy laws and put victims at further risk.

3. Report to law enforcement and cyber authorities immediately:

• Report online at your country’s national cybercrime portal (in India, for example, cybercrime.gov.in) and to CERT-IN for technical incident response.

• File a complaint with your local police cyber cell.

1. Contact your bank if you have already provided bank/UPI details; ask them to monitor or temporarily block transactions and to advise on next steps.

2. Warn contacts (without sharing others’ private details) and be cautious of follow-up phishing attempts.

3. Report the app/site to the platform host (Google Play, Apple App Store) and to the domain/hosting provider if possible; platform takedowns can reduce new victims.

⚠️ Disclaimer: All information in this report has been provided by Amit Dutta. Bongaigaon Times is not responsible or liable for the authenticity of these claims. Readers are advised to verify facts and act with caution.