A threat actor has allegedly breached BTS Group Holdings, a major conglomerate in Thailand, and is now selling the company’s data on a popular hacking forum. The seller claims to have the full database from ewet.bts.co.th, a website that appears to be an internal training or learning management portal for the company. The data dump is being sold for $350, with the actor also offering “super admin access” to the website and a PHP reverse shell, which could potentially allow for deeper network infiltration.
BTS Group Holdings is a significant player in Thailand’s economy, best known as the operator of the Bangkok Mass Transit System (BTS Skytrain) and the Bangkok BRT. The company’s interests also extend across media, property development, and other services, making it a high-profile target. The compromised system, according to screenshots, contains records for 6,277 users. The leaked information allegedly includes a wide range of personally identifiable information (PII) that could be leveraged for phishing, identity theft, and other malicious activities.
The threat actor provided screenshots showing the website’s administration panel and a large spreadsheet containing user data. An analysis of the images indicates the following information has allegedly been compromised:
- Full names
- Usernames and hashed passwords
- Email addresses
- Phone numbers
- Institutional and departmental details
- IP addresses
- Physical addresses
- A range of other system-related user data
The vulnerability that led to the breach is reportedly still undiscovered, posing an ongoing risk to the company and its employees whose data is now exposed.
