{
	"id": "1215d2e7-73ed-4a59-a745-4b63e6098c02",
	"created_at": "2026-04-09T02:23:54.101749Z",
	"updated_at": "2026-04-10T13:11:53.084376Z",
	"deleted_at": null,
	"sha1_hash": "616164eda78b538b211f102831547edb513440bc",
	"title": "Customer data from hundreds of Indonesian and Malaysian restaurants hacked by DESORDEN - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 391934,
	"plain_text": "Customer data from hundreds of Indonesian and Malaysian\r\nrestaurants hacked by DESORDEN - DataBreaches.Net\r\nPublished: 2022-09-02 · Archived: 2026-04-09 02:16:08 UTC\r\nHackers known as DESORDEN have hit another big Indonesian business. This time, their victim was BOGA\r\nGroup, which operates more than 200 restaurants and outlets across Indonesia and Malaysia under brand names\r\nincluding Bakerzin, Pepper Lunch, Paradise Dynasty, Paradise Inn, Shaburi, Kintan Buffet, Onokabe, Putu Made,\r\nKimukatsu, Yakiniku Like, Ocean 8, Sushi Kaiyo, and Boga Kitchen. Boga Group also operates Boga Catering, a\r\npremium catering service.\r\nMore than 400,000 customer records and 16,000 employee records were acquired by the hackers.\r\nAs is their usual style, DESORDEN provided proof in the form of samples drawn from the corporation’s .csv\r\nfiles.  They also created a recording showing directories, opened files, documents and spreadsheets. The recording\r\nincludes a message to their target:\r\nA message to BOGA from DESORDEN was part of a recording showing access to their files. Image:\r\nDataBreaches.net\r\nhttps://www.databreaches.net/customer-data-from-hundreds-of-indonesian-and-malaysian-restaurants-hacked-by-desorden/\r\nPage 1 of 2\n\nThe highlighted portion of the recording reads:\r\n“To prove that DESORDEN has breached your servers, we have deleted the databases from your server\r\nafter downloading them. In total, we have stolen over 31 GB of data and files from your network of\r\nservers. Check the facts with your IT department. These data include 409,168 information of your\r\ncustomers, with their name, phone, and email as well as 16,476 employees data, financial, and\r\ncorporate data.”\r\nThe numbers correspond to the rows displayed in the .csv files shown in the recording.\r\nA few records from a customer database. DataBreaches.net redacted customers’ names, email\r\naddresses, and phone numbers.\r\nWhen asked about the deletion of databases mentioned in their recording, DESORDEN replied, “They have\r\nbackups. Delete is only for them to know we breached.”\r\nDataBreaches sent an email inquiry to BOGA Group about the attack. No reply has been received.\r\nIn discussing this attack with DESORDEN in an online chat, DataBreaches pointed them to an article from The\r\nJakarta Post about all the leaks and breaches appearing online.  DESORDEN commented that the report did make\r\na point. They say it is easy to go after smaller companies in Indonesia because most small companies have little or\r\nno security (an observation that applies to small companies worldwide). But DESORDEN also notes that these\r\ncountries often have weak or no regulations imposing security standards or requiring notification in the event of\r\nbreaches.\r\n“Countries like India, Malaysia, Indonesia, Thailand. We do not really expect responses from them. Informing\r\nthem is only for courtesy,” DESORDEN told DataBreaches.\r\n“Selling their data is also as profitable. While it doesn’t fetch as much as victim paying, but a single job data can\r\nprofit as much as $20,000 USD in sales of data easily.”\r\nDESORDEN has also recently been telling DataBreaches to expect more breaches in South Korea, Taiwan,\r\nVietnam, and Japan and continuing interest in data from Thailand.  The current market is looking for personal\r\ninformation from these countries, DESORDEN states, from “mostly Chinese buyers.”\r\nSource: https://www.databreaches.net/customer-data-from-hundreds-of-indonesian-and-malaysian-restaurants-hacked-by-desorden/\r\nhttps://www.databreaches.net/customer-data-from-hundreds-of-indonesian-and-malaysian-restaurants-hacked-by-desorden/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/customer-data-from-hundreds-of-indonesian-and-malaysian-restaurants-hacked-by-desorden/"
	],
	"report_names": [
		"customer-data-from-hundreds-of-indonesian-and-malaysian-restaurants-hacked-by-desorden"
	],
	"threat_actors": [
		{
			"id": "e5ccc758-f2a5-417b-ba5c-70edf39bc048",
			"created_at": "2022-10-25T16:07:24.481513Z",
			"updated_at": "2026-04-10T02:00:05.005021Z",
			"deleted_at": null,
			"main_name": "Desorden",
			"aliases": [],
			"source_name": "ETDA:Desorden",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b4f79ca0-e94b-4abe-a61e-ea3d2a2458ad",
			"created_at": "2022-10-25T16:07:24.444096Z",
			"updated_at": "2026-04-10T02:00:04.994412Z",
			"deleted_at": null,
			"main_name": "ALTDOS",
			"aliases": [
				"0mid16B",
				"ALTDOS",
				"Desorden",
				"GHOSTR"
			],
			"source_name": "ETDA:ALTDOS",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775701434,
	"ts_updated_at": 1775826713,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/616164eda78b538b211f102831547edb513440bc.pdf",
		"text": "https://archive.orkl.eu/616164eda78b538b211f102831547edb513440bc.txt",
		"img": "https://archive.orkl.eu/616164eda78b538b211f102831547edb513440bc.jpg"
	}
}