Skip to content

Thepha District Public Health Office in Thailand Breached, Databases Dumped and Server Access Offered

Breach Report Thailand flagThailand Government / Health Live Access Offered

Thepha District Public Health Office in Thailand Breached, Databases Dumped and Server Access Offered

A threat actor using the alias Monkeydance claims to have breached the Thepha District Public Health Office, a local health authority in Thailand operating under the Ministry of Public Health. Posted on July 9, 2026, the listing offers a full dump described as multiple databases, all files and logs, 1,006 PDF invoices and documents, and backups dating back to May 2026, totaling around 2GB. A sample indicates the databases include website user accounts with hashed passwords and staff contact details. The actor additionally claims to be offering live server access to the compromised system. The claim is unverified.

Data~2GB dump
Documents1,006 PDFs
CountryThailand flagThailand
ActorMonkeydance

Post details

TargetThepha District Public Health Office
CountryThailand flagThailand
SectorGovernment / Health
ClaimFull dump (DBs, files, logs, docs)
DataSite accounts, hashes, documents
ExtraLive server access offered
Observed
ActorMonkeydance

!Allegedly included

  • Multiple database dumps
  • 1,006 PDF invoices & documents
  • All files & logs
  • Backups from May 2026
  • Website user accounts
  • Hashed passwords (staff)
  • Staff contact details
  • Live server access (offered)

Screenshots

Potential impact

A full compromise of a government health office exposes internal databases, administrative documents, and staff credentials, which can enable further intrusion, fraud, and impersonation. The hashed passwords could be cracked to reuse valid accounts, and the offer of live server access means the environment may remain actively compromised rather than merely leaked. The invoice and document set may contain personal and operational information tied to the office's health programs. No sample data, credentials, file listings, links, or access details are reproduced here. The claim is unverified.

iStatus

Unverified

This is a data-leak post with downloads gated behind forum points; the actor also advertises paid live access to the server. No sample records, password hashes, file names, links, or access details are reproduced here. The claim is unverified and the office has not publicly addressed it.

Want everything on this breach? Paid subscribers get the full claim details and more. Check out the threat feed, then after subscribing, search there for this alert. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Latest