Unsecured Database

Security researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade.

The 200GB database, which has now been secured, has not been accessed by unauthorized personnel say Thai. The exposed personal information included travelers’ full names, passport numbers, residency status, dates of arrival in Thailand, immigration arrival card numbers, and visa types.

No financial or contact information was exposed. Diachenko did not identify the owner of the database however kept open the possibility the database belonged to the Thai immigration department or the Tourism Authority of Thailand. He says: “Based on what we saw, it belongs to many departments, all coming up together.”

Diachenko, who discovered the data exposure on Aug. 22, says he was unable to ascertain how long the data had been unsecure. The exposed data, he says, was an Elasticsearch database, which was indexed this year on Aug. 20 by search engine Censys.

The earliest record found in the database was from November 2010.

More than an identity theft issue, the exposure is a privacy concern, says Diachenko. Although passport numbers are unique to individuals, they are assigned sequentially and are not particularly sensitive, he explains.

“For example, a passport number can’t be used to open bank accounts or travel in another person’s name on its own.

“However, in combination with other data – name, address, email, phone number, etc. – cross-referenced from other leaks, someone could come up with a perfect profile for a phishing attack,” he says.

Bob Diachenko

“With this information, very compelling spear-phishing emails or vishing calls can be made, using the information as a background story to get a victim to click on a malicious link, open an infected document or give up sensitive information”.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply