Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Thailand. Show all posts
Unprotected database
Customer Data customer privacy Data Breach Personal Information Thailand Unprotected database

Thailand's Data on 106 Million Visitors has been Breached

 

After uncovering an unsecured database collecting the personal information of millions of tourists to Thailand, a British cybersecurity researcher unexpectedly stumbled upon his own personal data online. An unencrypted Elasticsearch server was discovered by Bob Diachenko, a cybersecurity researcher and security leader at Camparitech, exposing the personal data of approximately 106 million international passengers to Thailand. The data was accessible online in an unsecured database, allowing anyone to access it. 

Threat actors are constantly on the lookout for unprotected servers. There is no proof of how long the database was exposed before Diachenko's disclosure in this case. A honeypot, on the other hand, was set up to monitor hacker intrusions.

 “Notably, the IP address of the database is still public, but the database itself has been replaced with a honeypot. Anyone who attempts access at that address now receives the message: This is honeypot, all access were logged,” Diachenko added. 

A honeypot is a security tool that detects or prevents unauthorized network and information system breaches. The organization set up a honeypot to see how quickly hackers would attack an Elasticsearch server using a dummy database and fake data. From May 11 until May 22, 2020, Comparitech left the data exposed. It discovered 175 attacks in just eight hours after the service went live, with a total of 22 attacks in a single day. 

After he reported the problem to Thai authorities, the database was safeguarded. According to Diachenko, every visitor who visited Thailand in the last ten years may have had their personal information exposed as a result of the event. Over 200GB of user data was stored in the database. Date of arrival in Thailand, full name, sex, passport number, residency status, visa type, and Thai arrival card number were among the data disclosed. 

“Any foreigner who traveled to Thailand in the last decade or so probably has a record in the database. There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues. None of the information exposed poses a direct financial threat to the majority of data subjects,” Diachenko stated. 

“No financial or contact information was included. Although passport numbers are unique to individuals, they are assigned sequentially and are not particularly sensitive,” Diachenko added.
Read more »
User Security
Covid-19 Vaccinations Data Breach Site Crash Thailand User Privacy User Security

Despite Data Leak and Glitches, Foreigners able to Register on Vaccine Site

 

Thailand's new vaccination appointment registration website, expatvac.consular.go.th, has received mixed reviews since its launch. 

Many people reported that they had a variety of issues, and a few mentioned that they eventually received emails confirming their registration and upcoming appointments. Consequently, it resulted in a data breach.

The vaccination registration site went live at 11 a.m., and within minutes, users were complaining about crashes, glitches, and the fact that their personal information was accessible online. Screenshots of publicly accessible backdoors that disclosed the emails and personal information of over 20,000 applicants began to surface online, raising worries about safety and privacy. 

The data leak looks to have been rectified now. Many people reported that the system failed at the point where they typed their email address and the vaccination registration site started crashing or an error occurred prompting them to start over or refresh the page. When they did so, the system refused to accept their email address. The backend database recorded their information while the site went down, and as a result, the email address had already been used and was declined. 

Some others recommended that using the same email address they used for immigration was the workable option. Many people advised saving photos of the passport and visa, as well as any pertinent medical paperwork. People stated that they were able to attempt again and again despite the crashes, failures, and site outages, and eventually made it through the procedure. 

A user shared their confirmation email, stating the successful enrollment, and would receive another email later offering a vaccine appointment that must be confirmed within 24 hours. The message also stated that the site will schedule appointments for vaccination centers outside of the greater Bangkok area. 

The Ministry of Public Health will allocate a vaccination site in the region for people who live in areas other than Bangkok and neighboring provinces (Nakorn Pathom, Nonthaburi, Pathum Thani, Samut Prakan, and Samut Sakhon). The vaccine schedule will be defined by the Ministry of Public Health's priorities, which include age group, vulnerability, and high-risk zones, among other criteria. 

Despite several difficulties, officials appear to be working efficiently to fix concerns, and registrations appear to be proceeding. It is suggested that if foreigners find problems, they should keep attempting while the vaccination site opens and stabilizes.
Read more »
Subscribe to: Posts (Atom)