NEW DELHI: A notorious cybercriminal operating under the alias ‘vebxpert’ has claimed responsibility for a major data breach involving Thailand Post (thailandpost.co.th). The actor has allegedly posted a database of 19 million customer records for sale on a dark web forum, sparking serious concerns over data security and user privacy in the country.
According to the post, the breach occurred in March 2025, and the stolen data is being sold in CSV format for $15,000 in Monero (XMR) — roughly Rs 12.5 lakh. The seller insists that only one copy of the data is available and that they will share the complete dataset after the transaction is made.
What’s in the database?
The leaked database, as described by the seller, includes a wide range of sensitive information:
- Full names
- Mobile numbers
- Email addresses
- Birthdates and birth months
- Citizen and account ID numbers
- Home addresses
- Transaction history
- Membership and registration details
- Postal office interactions
- Points and loyalty program data
The post contains a sample record from the dataset, showing fields like “Balance Point,” “Last Purge Spending,” “Total Expired Points,” and “Main Contact Person Email.” It also includes actual names, phone numbers, and masked email addresses of individuals.
Despite stating that many fields contain null values, the seller claims that the data is still valuable and actionable for anyone looking to exploit it.
Seller profile: A new player with big claims
The threat actor behind the leak, vebxpert, is a relatively new user on the dark web forum, having joined in November 2023. Their profile shows minimal interaction — only 35 posts and zero reputation score — raising questions about credibility.
However, the detailed sample, combined with the high asking price and the nature of the data, suggests this may be a legitimate and serious breach. The420.in could not independently verify the claims made by the threat actor.
Terms of sale: Cryptocurrency only, no middlemen
- Price: $15,000 in Monero (XMR) — approx. Rs 12.5 lakh
- Only one copy for sale
- Full dataset delivered after payment
- No third-party involvement or escrow
- Communication via secure channels
The listing includes a file-sharing link (hosted on Bitebble.com) that contains sample data for prospective buyers to review before purchase.
Potential impact: Millions at risk of fraud
If authentic, this leak could put millions of Thai citizens at serious risk. The exposed data could be used for phishing and scam calls, identity theft, credential stuffing attacks, financial fraud, and targeted social engineering. Thailand Post, as the country’s national postal service, manages a vast amount of personal and logistical information. A breach of this scale could jeopardize not only individual customers but also government correspondence, business transactions, and official communications.
No official confirmation from Thailand Post
As of now, Thailand Post has not released any public statement acknowledging the breach. There is no confirmation from the company, law enforcement, or data protection authorities regarding the validity of the claim.
The silence has raised concerns among cybersecurity professionals, who are urging an immediate audit of the company’s IT infrastructure.
How the data was presented
The forum post includes a long snippet of CSV data — possibly as a way to prove legitimacy. The fields include:
- “First Name,” “Last Name,” “Account Name,” “Mobile,” “Email”
- “Birthdate,” “Citizen ID,” “Created Date,” “Last Modified Date”
- “Last Purge Spending,” “Point of Sale,” “Province,” “Zip Code”
- “Previous Spending (FY),” “Total Points,” and “Transaction Snap Data”
Some of the sample records are partially in Thai script, indicating that the data is highly localized and likely sourced from official systems.
If verified, this would rank among the largest-ever data leaks involving a government-affiliated organization in Thailand. The potential misuse of such detailed records could ripple through various sectors — from finance and telecom to logistics and healthcare.
Cybersecurity firms warn that even partial leaks can enable dangerous follow-up attacks and that the affected individuals could be vulnerable for years to come.