{
	"id": "2abcfd78-f431-47b2-9a47-1e49a4b6799e",
	"created_at": "2026-04-11T02:24:09.812674Z",
	"updated_at": "2026-04-11T02:24:15.576488Z",
	"deleted_at": null,
	"sha1_hash": "523a37304d37883c0eb4b05236010c926fd7830e",
	"title": "Thai loyalty membership card data of 5 million customers put up for sale on hacking forum - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51771,
	"plain_text": "Thai loyalty membership card data of 5 million customers put up\r\nfor sale on hacking forum - DataBreaches.Net\r\nPublished: 2024-11-20 · Archived: 2026-04-11 02:14:19 UTC\r\nCentral Group is a multinational conglomerate in Thailand that describes itself as one of the largest private\r\ncommercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October\r\n2021, DataBreaches reported an attack on the Central Restaurant Group by threat actors called DESORDEN.\r\nWhen negotiations failed, DESORDEN revealed details about the scope of the attack. Now, it seems another threat\r\nactor has obtained data from another Central Group subsidiary.\r\nOn November 19, DataBreaches received an email from someone identifying themself as “0mid16B, the same\r\nhacker who breached BlackCanyonThai and AIS Serenade on Nov 2024, and shocked the Thai society by bulk\r\nnotifying over 700,000 of their members at 4am in the morning, resulting in massive news coverage the next\r\nfollowing day.” The remainder of the email described an incident involving the Central Retail Corporation, a\r\npublicly owned subsidiary of Central Group.\r\n0mid16B, who tells DataBreaches that they* have never worked with DESORDEN or ALTDOS, wrote:\r\nBetween August to November 2024, i have accessed and stolen 5,108,826 records of Central Group’s\r\nThe1 Card member personal information via an exposed compromised API endpoint of Central Retail\r\nnetwork.\r\nCentral Group uses The1 Card membership system across every retail and consumer brand under the Central\r\nGroup. The1 Card describes itself as Thailand’s largest loyalty platform, with over 17 million members, or about\r\n25% of Thailand’s population.\r\n“Due to failed negotiation with Central Group,” 0mid16B reportedly decided to sell the data of 5,108,826 records\r\nof The1 member personal information. “The stolen information includes First Name, Last Name, Membership\r\nNumber, National Card ID Number, Country, Mobile Phone and Email. Total size is 582MB,” 0mid16B wrote.\r\n0mid16B provided a sample of the data with a way to verify its authenticity. Hours later, the listing appeared on\r\nthe hacking forum. In the listing, 0mid16B offered to use a middleman escrow service.  That is usually (but not\r\nalways) an indicator of a legitimate seller. The ability to test the sample of data to confirm its validity and the\r\nvideo will also likely persuade potential buyers.\r\nhttps://databreaches.net/2024/11/20/thai-loyalty-membership-card-data-of-5-million-customers-put-up-for-sale-on-hacking-forum/\r\nPage 1 of 2\n\nImage: DataBreaches.net\r\n0mid16B also posted the listing on X.com, commenting, “Thai companies do not care about protecting data.\r\nBecause nothing will happen to them – no PDPA fines, no compensation for customers and no liability #lmao Thai\r\npeople does not demand for their rights.”\r\nDataBreaches asked 0mid16B what happened with the negotiations, curious as to whether Central Group had\r\nmade a deal with them and then broken it as they had allegedly done to DESORDEN. 0mid16B informed\r\nDataBreaches that they had been exfiltrating data until they were detected. Then:\r\nI contacted the management, and an unidentified person contacted me with a request to hold off any\r\nintention to publish. No monetary value was discussed, however a ton of questions on how i stole the\r\ndata. The contact went uncontactable, and i decide it is time to publish it.\r\nDataBreaches emailed Central Group’s contact email and data protection office last night but has received no\r\nreply by publication. DataBreaches also sent email inquiries to Central Group’s email contacts for investor\r\nrelations and public relations. Both of those bounced back with “Recipient address rejected: undeliverable” failure\r\nmessages. This post may be updated if a reply is received.\r\n*  0mid16B informed DataBreaches that they are one individual and not a group. DataBreaches is using\r\n“they/them” because they did not indicate their gender pronoun preference. \r\nSource: https://databreaches.net/2024/11/20/thai-loyalty-membership-card-data-of-5-million-customers-put-up-for-sale-on-hacking-forum/\r\nhttps://databreaches.net/2024/11/20/thai-loyalty-membership-card-data-of-5-million-customers-put-up-for-sale-on-hacking-forum/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://databreaches.net/2024/11/20/thai-loyalty-membership-card-data-of-5-million-customers-put-up-for-sale-on-hacking-forum/"
	],
	"report_names": [
		"thai-loyalty-membership-card-data-of-5-million-customers-put-up-for-sale-on-hacking-forum"
	],
	"threat_actors": [],
	"ts_created_at": 1775874249,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/523a37304d37883c0eb4b05236010c926fd7830e.pdf",
		"text": "https://archive.orkl.eu/523a37304d37883c0eb4b05236010c926fd7830e.txt",
		"img": "https://archive.orkl.eu/523a37304d37883c0eb4b05236010c926fd7830e.jpg"
	}
}