Data of 106 Million Visitors to Thailand Breached
A British cybersecurity researcher stumbled across his own personal data online after discovering an unsecured database containing the personal information of millions of visitors to Thailand.
Bob Diachenko, leader of cybersecurity research at Comparitech, found the unprotected Elasticsearch database on August 22, 2021. Inside the 200GB digital index were records dating back ten years containing the personal details of more than 106 million international travelers.
Information exposed in the publicly accessible database consisted of full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.
Before the Covid-19 pandemic affected travel, Thailand was a popular tourist destination, drawing nearly 40 million visitors in 2019 alone.
"Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident," said Comparitech tech writer Paul Bischoff in a report on the data breach.
"He even confirmed the database contained his own name and entries to Thailand."
Researchers at Comparitech were not able to determine how long the data had been exposed before it was indexed by the search engine Censys on August 20, 2021.
Diachenko sent word of the data breach to Thai authorities, who secured the database within 24 hours. Thai authorities informed Comparitech that the exposed data was not accessed by any unauthorized parties.
While the IP address of the database is still public, the index has been replaced with a digital booby trap. Visitors to the IP ..
Support the originator by clicking the read the rest link below.