{
	"id": "ffdcb963-89c3-40fa-9096-4828cbc55282",
	"created_at": "2026-04-11T02:23:16.030938Z",
	"updated_at": "2026-04-11T02:24:15.547196Z",
	"deleted_at": null,
	"sha1_hash": "19b8d5d3d0f74d0a0be88e3656fda09e6c863f7b",
	"title": "Desorden is back, declares an attack on MISTINE Better Way Thailand Company - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 275481,
	"plain_text": "Desorden is back, declares an attack on MISTINE Better Way\r\nThailand Company - DataBreaches.Net\r\nPublished: 2022-07-19 · Archived: 2026-04-11 02:16:49 UTC\r\nIt’s been a while since DataBreaches has seen any announcements from Desorden, but the group contacted\r\nDataBreaches over the weekend to claim responsibility for a hack and data breach of Better Way Thailand\r\nCompany Limited, a personal care products and cosmetics distributor. Mistine is one of 200 companies\r\nunder Saha Group, Thailand’s leading consumer products publicly listed conglomerate. Better Way Thailand\r\nCompany Limited started with Mistine products.\r\nIn a statement to DataBreaches, Desorden wrote:\r\nThis data breach involved 180 GB of data and 60 GB of files, affecting more than 20 million personal\r\ndata information of their customers and sales representative, which represents almost 1/3 of the entire\r\nThailand population.\r\nIn total, DESORDEN breached into 20 of their servers, across brands of Flormar, Fairs, Friday, Mistine,\r\nMYSS, Yupin and NingNong. The data alone include customer sales representatives, employees,\r\nsuppliers, export, ecommerce, corporate, HR and financial records.\r\nPersonal data alone, we have stolen over 20 million personal identifiable records, that include ID card\r\nno, birthdate, name, address ad contact detail.\r\nDataBreaches notes that the number of identifiable records with personal information generally does not equate to\r\nthe number of unique persons who have had their personal information breached as there may be duplication\r\nacross files or databases, but some of the employee and representative files DataBreaches saw each contained\r\nabout 100,000 records.\r\nhttps://www.databreaches.net/desorden-is-back-declares-an-attack-on-mistine-better-way-thailand-company/\r\nPage 1 of 3\n\nEmployee-related spreadsheet contains employees’ first and last names, their password, and their\r\ndisplay name. Other fields not shown in this screengrab include the employees’ addresses and\r\nmobile telephone numbers. Image redacted by DataBreaches.net.\r\nDesorden informed DataBreaches that they received no reply from Mistine to their contacts or demands since July\r\n8. As a result, they claim, they are preparing to leak and sell the data.\r\nAs has been their method, Desorden provided DataBreaches with samples from the claimed breach, including\r\ncopies of what they provided to Mistine management. An mp4 file makes clear that they had access to directories\r\nand files and that those files contained personal information on employees and representatives. In a message to\r\nMistine included in the mp4, Desorden tells them that they have deleted all the databases from Mistine’s servers\r\nafter downloading copies.\r\nDataBreaches does not know if Mistine has usable backups, but if they don’t, the loss of the files would be likely\r\nto impact functioning.\r\nAlthough Desorden would not get specific about how they gained access to the servers, they stated that had\r\nexploited a few vulnerabilities that had not been patched yet.\r\nDataBreaches attempted to contact the Data Protection Officer for Mistine via email sent to the address listed on\r\nMistine’s site in their privacy policy. The email bounced back with error 554 5.7.1: “Recipient address rejected:\r\nAccess denied.” DataBreaches re-sent the inquiry to seven email addresses found in the management .csv file\r\nprovided by Desorden to this site. The seven addressess included the firm’s CEO.\r\nThose emails did not bounce back but no reply has been received.\r\nDataBreaches did not attempt to contact any of the employees or representatives in the sample data at this time. In\r\nthe past, Desorden’s claims to DataBreaches to have hacked entities have all proven to be true, although\r\nsometimes the claims of number affected vary from the entities’ claimed number.\r\nhttps://www.databreaches.net/desorden-is-back-declares-an-attack-on-mistine-better-way-thailand-company/\r\nPage 2 of 3\n\nIn the past, Desorden had posted some of the data on Raid Forums. With Raid Forums seized, they appear to have\r\ncreated an account on another popular hacking-related forum that has both onion and clearnet versions.\r\nNote: Although the headline suggests Desorden was gone for a while, they claim that they have remained active\r\nthe whole time but that most jobs just take months.\r\nSource: https://www.databreaches.net/desorden-is-back-declares-an-attack-on-mistine-better-way-thailand-company/\r\nhttps://www.databreaches.net/desorden-is-back-declares-an-attack-on-mistine-better-way-thailand-company/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/desorden-is-back-declares-an-attack-on-mistine-better-way-thailand-company/"
	],
	"report_names": [
		"desorden-is-back-declares-an-attack-on-mistine-better-way-thailand-company"
	],
	"threat_actors": [],
	"ts_created_at": 1775874196,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/19b8d5d3d0f74d0a0be88e3656fda09e6c863f7b.pdf",
		"text": "https://archive.orkl.eu/19b8d5d3d0f74d0a0be88e3656fda09e6c863f7b.txt",
		"img": "https://archive.orkl.eu/19b8d5d3d0f74d0a0be88e3656fda09e6c863f7b.jpg"
	}
}