AIS plays down 8.3bn-record leak
American publisher says data could 'quickly paint a picture' of a user
published: 25 May 2020 at 18:57
writer: Online Reporters
Advanced Info Service Plc, Thailand’s largest mobile operator, has denied that its users’ data were compromised, as reported by an American online technology publisher, saying the logs only show an overall picture of internet use, not personal or sensitive information of its customers.
Saichon Sapmak-udom, chief of public relations, told Thai media the revelation by TechCrunch was a result of a test this month to improve its network.
“We insist no customer data are compromised, financial or anything else,” she said.
She added AIS valued customers’ privacy and had always complied with the highest international privacy standards.
TechCrunch, which was acquired by online service provider AOL 10 years ago, reported on Monday that AIS had pulled a database offline after 8.3 billion real-time internet records of millions of Thai users were leaked.
The article quoted security researcher Justin Paine, who blogged that he had found a server of AWN, one of AIS’ subsidiaries, left exposed to the internet without authentication. It contained the database with DNS queries and Netflow data.
DNS queries are requests sent from a user's device to a DNS server asking for the address of the website the user wants to access. The process happens transparently behind the scenes every time a user clicks a link or types a URL.
"DNS queries don’t carry private messages, emails, or sensitive data like passwords, they can identify which websites you access and which apps you use... But that could be a major problem for high-risk individuals, like journalists and activists, whose internet records could be used to identify their sources," read the article.
Advertisers also find DNS data valuable for serving targeted ads.
Netflow data contain the IP flow information of a network. They include IP addresses, which are dispensed by ISPs and, if mapped against the usage records the ISPs keep, can identify a device.
With access to the database, Mr Paine said, anyone could “quickly paint a picture” of what an internet user or their household does in real time: the kind of devices they owned, which antivirus they ran, which browsers they used, and which social media apps and websites they frequented.
He claimed to have alerted AIS about the database on May 13 but received no response after seven days. He then notified Thailand’s national computer emergency response team (ThaiCERT) on May 21, and the database became inaccessible shortly afterwards.
“Interestingly enough, AWN had this DNS dashboard saved with a filter specifically looking at Facebook traffic. It's unclear why they would be particularly interested in who was going to Facebook,” Mr Paine wrote.