Oppo confirms data breach in Thailand, denies it was linked to loan app

The Thailand distributor of China’s Oppo brand, Poseify Group Co Ltd, on Friday acknowledged breach of data and said the incident had been reported to the police on December 13, 2024.

The company also filed a formal notification to the Personal Data Protection Center (PDPC Eagle Eye). Investigations are ongoing.

On January 23, PDPC Eagle Eye had revealed screenshots from the dark web advertising the sale of data allegedly originating from Oppo Thailand. The leaked data, totalling over 165GB, reportedly includes critical internal information such as customer and employee data and system databases. The seller, under the alias "SSL_Dragon", was demanding US$20,000 (approximately 680,000 baht) for the data.

In a statement, Poseify Group assured its full cooperation with relevant authorities to expedite the investigation, verify facts, and closely monitor the situation. Should evidence confirm any data breach, the company vowed to take legal action to the fullest extent and work closely with PDPC Eagle Eye to address the issue and safeguard affected parties' data.

The company also clarified that this incident was entirely unrelated to the prior controversy involving loan applications. 

While Oppo Thailand has acknowledged the data breach, key details such as the extent of the leaked data and the number of affected users remain unclear. The PDPC and related authorities are actively investigating the matter. In the meantime, Oppo users are advised to stay updated, be cautious of suspicious emails or messages, change their Oppo account passwords as well as any accounts sharing the same credentials, and regularly monitor their bank account activity.