Data breach puts southern expats' personal details online
published : 28 Mar 2016 at 18:00
writer: AFP and online reporters
The personal details of thousands of foreign nationals living in the South were briefly leaked online in what the site's developer admitted Monday was a data breach during a test for police.
The leak comes as the government pushes ahead with a much publicised crackdown against foreign visa overstayers and criminals, with immigration police adopting the official slogan "Good guys in, bad guys out."
The gaffe was spotted by social media users late Sunday when a database appeared online containing the names, addresses, professions and passport numbers of more than 2,000 foreigners living in Thailand's southern provinces, principally Nakhon Si Thammarat province.
The website carried an immigration police seal but used a private Thai web address, not one usually associated with government sites. It was openly available without a password and some industrious users guessed the site's less-than-secure administration password: 12345.
It was taken down early Monday, but not before the site's existence had gone viral.
Deputy Prime Minister Prawit Wongsuwon ordered the removal of the foreigners' data from the website, defence spokesman Khongcheep Tantravanich said on Monday.
The data should not be made public and Gen Prawit ordered its removal as foreigners now were concerned about their safety because their specifics were released to the public, Maj Gen Khongcheep said.
Thai Netizens, a digital advocacy group, tracked down the website's owner, a developer called Akram Aleeming, who later posted a statement on Facebook saying the site had mistakenly been made public during testing stages.
Mr Akram confirmed the error to AFP and said immigration police had commissioned the website.
"We were doing a demo," he told AFP. "As people were concerned it might affect security we closed it (the website)."
Immigration police did not respond to requests for comment by AFP.
The website gaffe is yet the latest cyber fail for the government, which has seen the websites for its police, courts and corrections departments all hacked this year. In the case of the Courts of Justice, information technology staffers had made no backups of the website databases and had to rely on the goodwill of the hackers to return them in order to restore the sites.