Cyber Agency Warns of Millions of Leaked Accounts Linked to Pirated Software Use

Picture courtesy of The Standard.

The National Cyber Security Agency (NCSA) has issued an urgent warning following the discovery of over a million leaked user credentials, blaming pirated software as a major cause of severe cyber threats to both individuals and organisations.

Air Vice Marshal Amorn Chomchoey, Secretary-General of the NCSA, revealed on 30 May that investigations by the national Computer Emergency Response Team (ThaiCERT) had uncovered widespread use of illegal software. This, he said, had become a primary entry point for hackers to infiltrate computer systems, steal data and launch ransomware attacks.

“The use of pirated software is still alarmingly common. It’s not just an issue of legality, it’s a significant security risk. Once malware embedded in this software accesses user credentials, such as usernames and passwords, it allows hackers to infiltrate internal systems undetected,” Amorn stated.

He warned that infected systems can expose sensitive login information for services such as VPNs, Remote Desktop connections and cloud platforms, giving attackers direct access to organisational networks. Once inside, they can move laterally across systems, stealing data or deploying ransomware.

According to Amorn, more than one million usernames and passwords have already been compromised, with some victims losing entire balances of cryptocurrency from digital wallets. The attacks typically go unnoticed by standard security software, as the credentials used are legitimate and trusted.

ThaiCERT’s analysis revealed that various forms of malware are often bundled with pirated software. The most common threats include:

• Phishing – Scams where attackers impersonate trusted entities to trick victims into revealing personal or financial information.

• Ransomware – Malicious programs that lock a user’s data and demand payment for its release.

• Cryptojacking – The unauthorised use of a victim’s device to mine cryptocurrency, leading to performance degradation and overheating.

Amorn urged the public and organisations to conduct basic checks for signs of malware infection and to cease using unauthorised software immediately. Users can visit the NCSA website at www.ncsa.or.th for guidelines on how to detect potential infections and take appropriate action.

The agency emphasised that securing systems and using only licensed software is essential in the fight against increasingly sophisticated cybercrime.

  Adapted by Asean Now from The Standard 2025-06-01.