A 200GB database including full names, passport numbers, visa type and more of over 106 million international visitors to Thailand was leaked online. The dates on the record suggest that the leak might impact anyone who has visited Thailand from 2011 to the present day.
The database was discovered by Bob Diachenko, head of Comparitech’s cybersecurity research team, on 22 August. Diachenko immediately alerted Thai authorities of the leak, who promptly acknowledged the incident and secured the database the following day, as reported by Comparitech on Monday.
The IP address of the database is still public; however, the database itself has been replaced with a honeypot at the time of writing. Any attempts to access the database at the old address will receive the message “This is a honeypot, all access were logged”
While the database was secured by Thai authorities on 23 August, it was indexed by a search engine called Censys on August 20, three days before any preventive measures could be taken.
This leaves the big question of whether or not the data was exposed prior to being indexed, and if it was, then for how long? As usual, Thai authorities reported that any unauthorised personnel did not access the data.
The database was hosted on Elasticsearch and came in at around 200GB, with over 106 million records consisting of the following information.
- Date of arrival in Thailand
- Full name
- Passport number
- Residency status
- Visa type
- Thai arrival card number
While none of the data exposed is particularly sensitive, it does somewhat publicise many people’s travel history. No financial or contact information was included in the leak.
In the News: Netflix is available for free in Kenya
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at firstname.lastname@example.org, or follow him on Instagram or Twitter.