Skip to content

200GB database of over 106M international visitors to Thailand leaked

  • by
  • 2 min read

A 200GB database including full names, passport numbers, visa type and more of over 106 million international visitors to Thailand was leaked online. The dates on the record suggest that the leak might impact anyone who has visited Thailand from 2011 to the present day. 

The database was discovered by Bob Diachenko, head of Comparitech’s cybersecurity research team, on 22 August. Diachenko immediately alerted Thai authorities of the leak, who promptly acknowledged the incident and secured the database the following day, as reported by Comparitech on Monday

The IP address of the database is still public; however, the database itself has been replaced with a honeypot at the time of writing. Any attempts to access the database at the old address will receive the message “This is a honeypot, all access were logged”

In the News: OnePlus’ 2022 flagship will feature a unified OS in partnership with Oppo

Unsafe travels

While the database was secured by Thai authorities on 23 August, it was indexed by a search engine called Censys on August 20, three days before any preventive measures could be taken.

This leaves the big question of whether or not the data was exposed prior to being indexed, and if it was, then for how long? As usual, Thai authorities reported that any unauthorised personnel did not access the data. 

A sample of the database | Source: Comparitech

The database was hosted on Elasticsearch and came in at around 200GB, with over 106 million records consisting of the following information.

  • Date of arrival in Thailand
  • Full name
  • Sex
  • Passport number
  • Residency status
  • Visa type
  • Thai arrival card number

While none of the data exposed is particularly sensitive, it does somewhat publicise many people’s travel history. No financial or contact information was included in the leak. 

In the News: Netflix is available for free in Kenya

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: