Data of more than 100m arrivals exposed

Data of more than 100m arrivals exposed

Waiting to clear immigration outside the arrivals hall at Suvarnabhumi airport in 2017. The personal information of millions of travellers over the past decade could be among details exposed online. (File photo)
Waiting to clear immigration outside the arrivals hall at Suvarnabhumi airport in 2017. The personal information of millions of travellers over the past decade could be among details exposed online. (File photo)

The personal data of 106 million international travellers to Thailand was found last month to have been exposed online.

According to Comparitech, a cybersecurity research firm, the breach was quickly secured by Thai authorities.

The National Cybersecurity Agency (NCSA) likewise confirmed the incident, adding it had not detected any attempts to sell the data on underground websites. 

Comparitech indicated the database included full names, sex, passport numbers, arrival dates, visa types and residency status. 

According to the research firm, the database was indexed by search engine Censys on Aug 20. Comparitech discovered the indexing two days later and immediately alerted Thai authorities. 

Thai authorities secured the database on Aug 23. 

Database records run from 2011 to the present, meaning all who travelled to Thailand over the previous decade might have had their information exposed

According to Comparitech, Thai authorities responded quickly to the disclosure, although the research firm noted it did not know how long the data had been exposed prior to its being indexed.

Grp Capt Amorn Chomchoey, acting secretary general of the NCSA, told the Bangkok Post an ethical hacker informed authorities they should fix the issue. 

“We have checked, and as far as we know there is still no sale of data via underground web groups,” Grp Capt Amorn said. 

Meanwhile, a user on raidforums.com, a database sharing and marketplace forum, on Tuesday offered to sell 15 million data records involving emails, names, home addresses and phone numbers of those using e-commerce platform Shopee. 

Responding to the Shopee case, Grp Capt Amorn said his agency was working with the e-commerce company to verify whether there had been a data breach

Vocabulary

  • acting: doing the work of the usual person in a particular job while they are not there, or until a new person starts - ที่รักษาการแทน
  • breach: security breach; when hackers or criminals enter a computer system illegally and take information or do something with the system -
  • database: a large amount of information stored in a computer in an organised way - ฐานข้อมูล
  • detected: noticed, discovered or found out - จับได้ พบได้
  • disclosure: information or a fact that is made known or public that was previously secret or private - การเปิดเผย
  • exposed: made known; uncovered - เปิดเผยต่อ
  • hacker: a person who secretly finds a way of looking at and/or changing information on somebody else's computer system without permission - ผู้ที่มีความชำนาญในการใช้คอมพิวเตอร์ไปในทางที่ผิดกฎหมาย เช่น แอบขโมยข้อมูลจากคอมพิวเตอร์ในเครือข่าย
  • residency: living in a place, being a resident - ผู้ที่อาศัยในท้องที่
  • secretary general (noun): the person who is in charge of the department that deals with the running of a large international or political organisation - เลขาธิการ, เลขาธิการใหญ่
  • underground: operating secretly and often illegally - ใต้ดิน
  • verify: to prove that something is true, or to make certain that something is correct - พิสูจน์ว่าเป็นความจริง
Do you like the content of this article?
COMMENT