UK-based online research firm Comparitech yesterday published a report detailing how Thai authorities had let a database containing information of 106 million visitors to the country out in the open web and indexed by a search engine.
According to Comparitech, the database goes back to 2011 and includes the name, sex, passport numbers, visa types, and date of travel of all the visitors to the Kingdom.
The firm had let the Thai government know about the exposure, and the database had been taken down the following day last month. The government claims that the database had not been accessed by unauthorized third parties, but how could they know? Comparitech did.
Here’s an excerpt from the Comparitech:
The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more.
Bob Diachenko, who leads Comparitech’s cybersecurity research, discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.
Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident. He even confirmed the database contained his own name and entries to Thailand.
Haven’t we already got accustomed to these never-ending data leaks by companies and governments? But, unfortunately, it appears to be an uphill battle to keep the personal data safe that is collected electronically.
It appears that the database didn’t include your date of birth that could have been information used for nefarious purposes. Passport numbers are usually in a specific format for each issuing country and essentially throw away.