Breach Notification , Cybercrime , Fraud Management & Cybercrime

Hackers Claim 400GB of Data Stolen From Thai Hotel Chain

Desorden Group Attacks Thailand's Central Group of Companies
Hackers Claim 400GB of Data Stolen From Thai Hotel Chain
Desorden Group’s message on RaidForums (Source: RaidForums)

The Desorden hacker group claims to have hacked and stolen data belonging to Thai luxury hotel chain Centara Hotels & Resorts, according to a post on RaidForums, an underground database sharing and marketplace forum.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

The group says it has access to 400GB of files and databases from five servers in the company's network that contain millions of pieces of hotel guest information, financial data and corporate information, according to the post.

The stolen data includes personal information of hotel guests from around the world who stayed in any of Centara Hotels' properties between 2003 and 2021. The compromised information includes full names and addresses, email IDs, telephone numbers, dates of birth and check-in and departure details, according to the post.

The hacker group shared a sample of the stolen database on RaidForums in the form of CSV files. On cross-checking the leaked contact numbers on caller identification platform Truecaller, Information Security Media Group found them to be legitimate.

In a now-deleted video message on RaidForums, the Desorden hacker group said it would allow the company's management the right to verify the data.

Centara Hotels was informed of the breach on Oct. 14. In a public statement issued on Oct. 27, the company said it had appointed a digital forensic consultant to investigate and validate the compromised data. The initial investigation revealed that the data had indeed been compromised and that "a limited section" of its network had been affected.

The compromised data, according to the hotel chain's statement, includes general personal data, booking information, email IDs and telephone numbers.

Centara Hotels advises its guests to change their passwords as soon as possible and to be aware of any suspicious or unsolicited calls requesting personal information.

More Attacks

Prior to announcing the Centara Hotels exploit, the Desorden Group said on Oct. 26 that it had hacked and breached Thailand's Central Restaurants Group - part of The Central Group of Companies, a family-owned conglomerate involved in real estate, retail, hospitality and the restaurant businesses.

In its statement about the Central Group attack, the Desorden Group said: "We have stolen over 80GB of files and databases from their network. This includes their customer personal information, membership details, financial records, and daily transaction records of all 2,000 restaurants, suppliers' information and vendor details."

The Desorden Group says it has been incessantly targeting The Central Group of Companies due to a conflict with the conglomerate's management team regarding the ransom payout. "This is direct retaliation because Central Group management agreed to pay, however changed their minds on payment day."

Since the fallout, the hacker group says it has been attacking and breaching many businesses in The Central Group of Companies.

Threatening more targeted cyberattacks in the future, the Desorden Group said: "Both the hotel group and the restaurant group are just the start. There are more to come, so follow closely to what we will post."

About Desorden Group

The Desorden Group appears to be a new entrant in the hacking space. It joined RaidForums on Sept. 26. But it has earned a reputation within a short span of time owing to recent high-profile targeted attacks on prominent brands, and some hackers have posted on the group's RaidForums profile, calling the group "professional, helpful and reliable."

On Oct. 14, the Desorden Group posted a note claiming it had exfiltrated 60GB of files and databases from Acer's India-based servers. The files included customer, corporate, account and financial data. The group had also successfully attacked Acer in Taiwan.

An article on notes that the group said the intention behind the attack was to prove that Acer was "way behind in its cybersecurity effects on protecting data and is a global network of vulnerable servers."

On Oct. 21, Singapore-based newspaper The Straits Times reported that Protemps Employment Services, a Singapore employment agency, had been hacked on Oct. 4, and the personal details and salary details of 40,000 job seekers had been compromised.

About the Author

Soumik Ghosh

Soumik Ghosh

Former Assistant Editor, Asia

Prior to his stint at ISMG, Ghosh worked with IDG and wrote for CIO, CSO Online and Computerworld, in addition to anchoring CSO Alert, a security news bulletin. He was also a language and process trainer at [24] Ghosh has a degree in broadcast journalism from the Indian Institute of Journalism & New Media.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.