A database allegedly containing personal information belonging to around 36.1 million Thai citizens has been offered for sale on an underground online forum for US$100,000. If authentic, the data exposure could affect between 50% and 70% of Thailand’s adult population and may pose significant risks for identity-related crime.
Get today's headlines by email 
According to the listing, the database contains full names, phone numbers, dates of birth, genders and current addresses. The seller claimed the information was collected from a combination of government and private sector sources and requested payment in Monero (XMR), a cryptocurrency widely regarded as more difficult to trace than many other digital currencies.
The alleged breach was reported by Daily Dark Web, which stressed that the authenticity of the database has not been independently verified. The publication said it could not confirm the true source of the information, the number of individuals potentially affected, or whether the records were newly obtained, recycled from previous leaks or compiled from multiple earlier data breaches.
Cybersecurity analysts said that, if genuine, the database could represent one of the largest exposures of Thai citizens’ personal information seen on online black markets. However, they cautioned that claims involving tens of millions of records require technical verification and supporting evidence before any conclusions can be drawn.
Experts warned that personal data of this scale could be exploited for identity fraud, SIM card takeover attempts, financial scams, account recovery attacks and targeted social engineering campaigns. They noted that stolen personal information is often traded repeatedly on dark web marketplaces, making it difficult to determine its original source.
At the time of reporting, no named government agency or private organisation had publicly confirmed or denied the claim. Authorities and affected organisations may need to investigate the origin and authenticity of the alleged database before assessing any potential impact on the public.
Manager Online reported that further scrutiny by cybersecurity specialists is expected in the coming days as efforts continue to determine whether the records are genuine, outdated or linked to previous data leaks.
Picture courtesy of MGRonline
Join the discussion? 
Already a member? 
Adapted by ASEAN Now MGRonline 13 June 2026