A threat actor claims to have breached Pruksa Holding Public Company Limited (PSH), one of Thailand’s largest real estate developers. The actor is advertising a database for sale that allegedly originates from the company’s website, pruksa.com.
The data dump, totaling 476 MB, reportedly contains a table named exp_pruksa_member with hundreds of thousands of user records.
According to the actor, the compromised data includes a significant amount of personally identifiable information (PII). The main table alone allegedly contains 463,577 names.
The exposed data fields include:
- Full names
- Email addresses (460,106 records)
- Phone numbers (417,843 records)
- Hashed passwords (MD5)
- Dates of birth
- Physical addresses (province, zip code, etc.)
- Nationality
- Facebook IDs and other sensitive member profile details
