ShellCodeX Breach Report
Wongnai Data Breach
wongnai.com
Verified breach
Passwords exposed
Accounts exposed
3,924,454
Breach date
28 Oct 2020
Added to tracker
04 Nov 2020
Data classes
8
What happened
In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.
Exposed data
Dates of birth
Email addresses
Geographic locations
IP addresses
Names
Passwords
Phone numbers
Social media profiles
Recommended actions
- Change your Wongnai password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Wongnai — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP