Pdoggg Posted September 21, 2021 Share Posted September 21, 2021 You can always claim you went to Thailand for the beaches and temples. I do know one guy who has an Excel spreadsheet of the over one thousand ladyboys he slept with. Now that's a treasure trove of data! The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more. Bob Diachenko, who leads Comparitech’s cybersecurity research, discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day. Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident. He even confirmed the database contained his own name and entries to Thailand. Timeline of the exposure Dates on the records ranged from 2011 to present day. Here’s what we know happened: August 20, 2021- The database was indexed by search engine Censys. August 22, 2021 – Diachenko discovered the unprotected data and immediately took steps to verify and alert the owner in accordance with our responsible disclosure policy. August 23, 2021 – Thai authorities were quick to acknowledg the incident and swiftly secured the data. Notably, the IP address of the database is still public, but the database itself has been replaced with a honeypot as of the time of writing. Anyone who attempts access at that address now receives the message, “This is honeypot, all access were logged.” [sic] Thai authorities responded quickly to Diachenko’s disclosure, however we do not know how long the data was exposed prior to being indexed. Our honeypot experiments show attackers can find and access unsecured databases in a matter of hours. Thai authorities maintain the data was not accessed by any unauthorised parties. What data was exposed The Elasticsearch database totalled about 200GB and contained several assets, including a collection of more than 106 million records, each of which included some or all of the following info: Date of arrival in Thailand Full name Sex Passport number Residency status Visa type Thai arrival card number Dangers of exposed data Any foreigner who traveled to Thailand in the last decade or so probably has a record in the database. There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues. None of the information exposed poses a direct financial threat to the majority of data subjects. No financial or contact information was included. Although passport numbers are unique to individuals, they are assigned sequentially and are not particularly sensitive. For example, a passport number can’t be used to open bank accounts or travel in another person’s name on its own. Related: Passports on the dark web: how much is yours worth? Why we reported data incident Comparitech’s cybersecurity research team regularly scans the web for unprotected databases containing personal data. When we find such a database, we immediately begin an investigation to find out to whom it belongs, what information it contains, who could be affected, and the potential consequences for data subjects. Once we identify and verify the owner of the data, we alert them according to our responsible disclosure policy. Once the data has been secured, we publish a report like this one to curb harm to end users and raise cybersecurity awareness. https://www.comparitech.com/blog/information-security/thai-traveler-data-leak/ 2 Quote Link to comment
Quietguy Posted September 21, 2021 Share Posted September 21, 2021 Just about everyone I know is aware I go to Thailand every winter. What they want to think about that is up to them. I'm not bothered. The only thing that might be of concern is that name and passport number might be used to facilitate identity theft, but that is a risk every time you use your passport to register at condo/hotel or change money at a exchange booth. 2 Quote Link to comment
seven Posted September 21, 2021 Share Posted September 21, 2021 4 hours ago, Pdoggg said: You can always claim you went to Thailand for the beaches and temples. I do know one guy who has an Excel spreadsheet of the over one thousand ladyboys he slept with. Now that's a treasure trove of data! I told you this in confidence!! Anyways, that document is encrypted now. 1 Quote Link to comment
Woodie Posted September 21, 2021 Share Posted September 21, 2021 36 minutes ago, seven said: I told you this in confidence!! Anyways, that document is encrypted now. Seven. That means you have spent anywhere between 50 and 100 Thousand dollars on LBs!. Could be more!!!!!. Geez I hope it was worth it?. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.