Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand

Singaporean and Thai law enforcement have arrested a 39-year-old man in Bangkok suspected of carrying out dozens of high-profile data breaches worldwide, authorities said on Thursday.

The hacker, who operated under the aliases ALTDOS, DESORDEN, GHOSTR and 0mid16B, has been among the most active cybercriminals in the Asia-Pacific region since 2021, according to Singapore-based cybersecurity firm Group-IB, which collaborated with the police to track the hacker down.

His activities led to more than 90 data leaks worldwide, compromising over 13 terabytes of personal data, which he then sold on the dark web. The authorities did not specify any victims but said they include companies in the healthcare, retail, finance, logistics, insurance and recruitment sectors — primarily in Thailand, Singapore, Malaysia, Indonesia, and India, but also in the U.K., Canada, and the U.S. 

During the suspect’s arrest, Thai authorities seized multiple laptops, electronic devices, and luxury goods, including Chanel bags, watches and jewelry, allegedly purchased with proceeds from selling stolen data.

Researchers said extortion was the hacker’s primary goal. Unlike ransomware actors, he did not immediately announce the leaks on dark web forums. Instead, he leaked the stolen data to media outlets or regulatory bodies, increasing reputational and financial damage to businesses.

In some cases, he directly contacted affected customers via email or instant messages to pressure companies into submission. Occasionally, he also encrypted victim databases to exert further control, according to Group-IB.

Singaporean police said in a statement that they began investigating data breaches linked to the suspect in 2020. According to Group-IB, tracking him was difficult because he frequently changed his online aliases and tactics.

“At times, he created a new digital persona to avoid correlation with previous attacks,” researchers said.

Initially, the hacker was highly regarded on data leak forums for possessing a large number of unique data leaks, which allowed him to demand higher prices for the stolen data. However, he was later banned from certain forums for scamming and operating multiple accounts, researchers said.

Police have not disclosed the suspect’s identity, but Thai media reported that he goes by the name Chingwei. According to these reports, he admitted to hacking over 70 databases and said he acted alone, targeting big companies while avoiding government agencies.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
