The saga with Thailand’s data security and the Thailand Pass continues as the database has apparently been hacked and people are now receiving emails with QR codes and files leading to a site containing malware.
According to media reports, the download of the document or scan of the code will then open a variety of websites that attach malware to your computer.
Thailand has a history of government websites being hacked due to a lack of adequate data security and plain negligence.
It’s common in Thailand that official government liaisons are using plain Gmail or Hotmail accounts and even take pictures of confidential documents such as passports with their personal phones and send it to personal Line Messenger Accounts.
Most recently the following databases were compromised and the personal information of individuals available on the internet (and dark net):
- Vaccination Record System
- Immigration Appointment database
- Immigration Entry Database of passengers who have entered Thailand over several years
It didn’t surprise me at all when I read news reports this afternoon that Thailand Pass is the latest source that has been compromised and now previous applicants receive dodgy emails requesting to download a file and scan the QR code.
🚨WARNING: It looks like the Thailand Pass email database has been hacked and is sending out spoof emails with a link that sends people to a malware site after they click on “download”. Everyone is getting the same QR Code for a Mr Hongkam. Please share this news with others pic.twitter.com/6GjQD282LO
— Richard Barrow in Thailand (@RichardBarrow) January 28, 2022
It’s probably needless to say but DON’T DO IT! Delete the email immediately and disregard it!
The subject line of the email already gives it away:
It looks like there is a problem in your case
Now, I have seen some ridiculous messages and phrases from totally legitimate Thai government entities before but it’s highly unlikely that an email with such a header would be real.
This is one of the sites that would pop up when scanning the code:
Many browsers such as Firefox usually block access if the settings are right but nevertheless, one shouldn’t download the attached file or scan the code.
There is a lot of personal data collected under the Thailand Pass system and this situation doesn’t exactly instill confidence that this material is being handled in a trustworthy and secure fashion. As they say: You had ONE job!
Conclusion
It didn’t take very long for the Thailand Pass website to be hacked and the user data of previous applicants be compromised.
The fact that there is a persistent pattern with Thai government entities being vulnerable to attacks by hackers just shows that the entire matter isn’t being taken seriously as after all nobody really has to take responsibility, let alone pay compensation to people who suffered damages due to the ineptitude of the government to hire programmers that are capable in designing more secure systems.
Everything is a rush job and done on the cheap but then it hits the fan then the department heads stand there like wet poodles, twiddling their thumbs. It’s pathetic!