DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Thai loyalty membership card data of 5 million customers put up for sale on hacking forum

Posted on November 20, 2024 by Dissent

Central Group is a multinational conglomerate in Thailand that describes itself as one of the largest private commercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October 2021, DataBreaches reported an attack on the Central Restaurant Group by threat actors called DESORDEN. When negotiations failed, DESORDEN revealed details about the scope of the attack. Now, it seems another threat actor has obtained data from another Central Group subsidiary.

On November 19, DataBreaches received an email from someone identifying themself as “0mid16B, the same hacker who breached BlackCanyonThai and AIS Serenade on Nov 2024, and shocked the Thai society by bulk notifying over 700,000 of their members at 4am in the morning, resulting in massive news coverage the next following day.” The remainder of the email described an incident involving the Central Retail Corporation, a publicly owned subsidiary of Central Group.

0mid16B, who tells DataBreaches that they* have never worked with DESORDEN or ALTDOS, wrote:

Between August to November 2024, i have accessed and stolen 5,108,826 records of Central Group’s The1 Card member personal information via an exposed compromised API endpoint of Central Retail network.

Central Group uses The1 Card membership system across every retail and consumer brand under the Central Group. The1 Card describes itself as Thailand’s largest loyalty platform, with over 17 million members, or about 25% of Thailand’s population.

“Due to failed negotiation with Central Group,” 0mid16B reportedly decided to sell the data of 5,108,826 records of The1 member personal information. “The stolen information includes First Name, Last Name, Membership Number, National Card ID Number, Country, Mobile Phone and Email. Total size is 582MB,” 0mid16B wrote.

0mid16B provided a sample of the data with a way to verify its authenticity. Hours later, the listing appeared on the hacking forum. In the listing, 0mid16B offered to use a middleman escrow service.  That is usually (but not always) an indicator of a legitimate seller. The ability to test the sample of data to confirm its validity and the video will also likely persuade potential buyers.

Image: DataBreaches.net

0mid16B also posted the listing on X.com, commenting, “Thai companies do not care about protecting data. Because nothing will happen to them – no PDPA fines, no compensation for customers and no liability #lmao Thai people does not demand for their rights.”

DataBreaches asked 0mid16B what happened with the negotiations, curious as to whether Central Group had made a deal with them and then broken it as they had allegedly done to DESORDEN. 0mid16B informed DataBreaches that they had been exfiltrating data until they were detected. Then:

I contacted the management, and an unidentified person contacted me with a request to hold off any intention to publish. No monetary value was discussed, however a ton of questions on how i stole the data. The contact went uncontactable, and i decide it is time to publish it.

DataBreaches emailed Central Group’s contact email and data protection office last night but has received no reply by publication. DataBreaches also sent email inquiries to Central Group’s email contacts for investor relations and public relations. Both of those bounced back with “Recipient address rejected: undeliverable” failure messages. This post may be updated if a reply is received.


*  0mid16B informed DataBreaches that they are one individual and not a group. DataBreaches is using “they/them” because they did not indicate their gender pronoun preference. 

Category: Breach IncidentsHack

Post navigation

← Attackers Targeting VPNs Account for 28.7 Percent of Ransomware Incidents in Q3 According to Corvus Insurance Cyber Threat Report
5 Alleged Members of Scattered Spider Charged Federally (1) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.