Desorden Group expands attack on Central Group after deal to pay them allegedly fell through

Yesterday, this site reported that Desorden Group hit Central Restaurants Group (CRG) in Thailand. A Desorden spokesperson had told this site that there would be more details to be revealed, and now there are.

It appears that Centara Hotel Group is part of the Central Group that had been breached.  Centara has now issued a statement on their site confirming that there has been a breach and what they did after first becoming aware on October 14 of a problem.  CRG has also issued a statement (in Thai) on its site that attempts to reassure people that no credit card or financial information was stolen.

Desorden Group responded to some of Centara’s statements in an email to

“In the announcement,” Desorden writes, “they managed (sic) that they have engaged a reputable consultant to deploy investigation immediately after we notified them. We notified them. The management tried to recover their data and started negotiation with us on 16th October 2021. On 17th Oct, they managed to recover part of the system and asked for proof that we breached them. The same day, within 10 minutes, we breached the exact same network of 5 servers and compromise it to show them that we have immediate access to their servers again.

Reputable consultant, we will leave it for the public to think about it.”

Desorden also disputes Centara’s claim that the breach impacted “a limited section of our network, with the general personal data of some of our customers.”

“We basically brought down their entire backend, which consists of 5 servers,” Desorden responds. “In total, over 400 GB of files and data was stolen over a course of 10 days.”

Desorden claims that the exfiltrated data includes millions of customers from many countries:

“Basically, anyone who have ever stayed at any of their 70 luxury hotels between 2003 to 2021 has been compromised and we mean luxury first class hotel guests,” Desorden writes, adding:

“In the chat, we have sent them proof of the data by exporting any dataset which they requested and they have verified the hotel guest leaks. Also, 400 GB of data included all financial data, corporate data, employee data, etc. Basically, we wiped their network of 5 servers in the heist.”

According to Desorden, hotel guest data included name, passport number, id number, phone, email, (some had address of residence), check-in/departure time, etc.

“Many millions of them, even those who booked in advance until December 2021 are affected, “Desorden claims.

Desorden informed that they have gone public with these details and additional attacks on Central Group because after reaching a deal to reportedly pay Desorden $900,000.00 USD on October 26, Central Group management broke the agreement to pay. In addition to attacking Centara, Desorden then also attacked other (additional) Central Group companies and claims that they will be publishing the hotel data in a few days.

A selection of files were provided to this site as proof of claims. reached out to both Central Restaurants Group and Centara Hotel to request a response to Desorden’s claims, but no responses have been received, possibly due to the late hour there.

This post will be updated if a reply is received.

About the author: Dissent

Comments are closed.