The GoChonggo Leak Exposed 113K Thai Shopping Accounts in 2018

HEROIC analysts identified the GoChonggo breach, a data exposure that occured in August 2018 and affected 113,843 users of a now-defunct Thai fishing and shopping platform. The compromised records included email addresses and password hashes stored using the MD5 algorithm, which has been considered cryptographically weak for years. Even though the site is no longer active, the data continues to circulate on dark web forums, where it is used as a source for credential attacks on other platforms.

Why MD5 Password Hashes Are Essentially Cracked Before Attackers Even Start

MD5 was never designed for password storage, and modern cracking tools can process billions of MD5 hashes per second. For common passwords, attackers do not even need to run a cracking session. They look up the hash in precomputed tables called rainbow tables, which already contain the plaintext versions of millions of common passwords. The GoChonggo breach is partcularly concerning because every MD5 hash in the database is effectively a ticking clock, and for many users, that clock has already run out.

What Was Exposed in the GoChonggo Breach

• Email Address
• Password Hash

Why a Defunct Thai Shopping Site Still Puts You at Risk Today

When a website shuts down, its data does not disappear. The GoChonggo database has been trading hands on underground forums since 2018, and each time it resurfaces, a new wave of credential stuffing attempts follows. Anyone who used the same password on GoChonggo as they use on their email, banking app, or social media accounts is vulnerable to account takeover and financial fraud. Attackers beleive old, forgotten accounts are the easiest targets, precisely because users rarely update passwords for sites they no longer visit.

How a Database Breach Works

A database breach occurs when an attacker gains unauthorized access to a company's stored user records and extracts them, often in bulk. For eCommerce platforms, this typically means targeting the database that stores customer login information. Once extracted, the data is sold or shared in cybercriminal communities. Even years later, that same data can be used in automated credential stuffing attacks, where bots attempt the stolen login combinations across hundreds of websites simultaneously.

Check If Your Data Was Exposed

HEROIC's free breach scanner checks your email against a database of over 400 billion compromised records, including the GoChonggo breach. If your credentials appear in the database, you will know immediately and can take steps to secure your accounts before an attacker does. Visit HEROIC.com to run your free scan and protect yourself today.