ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Wongnai Data Breach

wongnai.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 3,924,454
Breach date 28 Oct 2020
Added to tracker 04 Nov 2020
Data classes 8

What happened

In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai. The breach exposed almost 4M unique customer records from some time during 2020 along with names, phone numbers, links to social media profiles and passwords stored as MD5 hashes. The data was self-submitted to HIBP by Wongnai.

Exposed data

Dates of birth Email addresses Geographic locations IP addresses Names Passwords Phone numbers Social media profiles

Recommended actions

  • Change your Wongnai password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Wongnai — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP