Immigration data of over 100 million foreign travelers to Thailand leaked
More than 106 million travelers who visited Thailand in the last ten years had their personal details exposed online in August 2021, UK-based data security company Comparitech said in a new report published on September 20.
Thailand, a popular tourist destination in Southeast Asia with a peak visitor number of nearly 40 million in 2019, the last year before the Covid-19 pandemic struck, is also notorious for its lax cybersecurity efforts and sometimes has been referred to as “paradise for hackers” where even government homepages are using Gmail addresses and the https format is rarely seen.
Comparitech said that its head of cybersecurity research Bob Diachenko found a database in August containing the personal information of travelers to the country but noted that the leak was “quickly” plugged by authorities.
Name, passport number and residency status exposed
However, he said “any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident,” including their name, passport number and residency status.
Comparitech said Diachenko also found his own name and details about his entries into Thailand on the database, which contained information dating back to 2011.
Thai authorities were informed on August 22 and secured the data the following day.
“We do not know how long the data was exposed prior to being indexed,” the report said.
Thai authorities “maintain the data was not accessed by any unauthorised parties,” it added.
Thailand’s Cyber Crime Investigation Bureau said it was unaware of the incident but was looking into it.
Not a singular case
While the Thai authorities are playing down the leak, it is in fact only one of many such cases. In June, a government website for foreigners to sign up for a coronavirus vaccine was found to be revealing the names and passport numbers of prospective recipients. The site was taken down soon after.
Also, the website where foreigners can do their regular 90-day reporting online was off the grid for months earlier this year due to security and configuration issues.
More than 106 million travelers who visited Thailand in the last ten years had their personal details exposed online in August 2021, UK-based data security company Comparitech said in a new report published on September 20. Thailand, a popular tourist destination in Southeast Asia with a peak visitor number of nearly 40 million in 2019, the last year before the Covid-19 pandemic struck, is also notorious for its lax cybersecurity efforts and sometimes has been referred to as “paradise for hackers” where even government homepages are using Gmail addresses and the https format is rarely seen. Comparitech said that its...
More than 106 million travelers who visited Thailand in the last ten years had their personal details exposed online in August 2021, UK-based data security company Comparitech said in a new report published on September 20.
Thailand, a popular tourist destination in Southeast Asia with a peak visitor number of nearly 40 million in 2019, the last year before the Covid-19 pandemic struck, is also notorious for its lax cybersecurity efforts and sometimes has been referred to as “paradise for hackers” where even government homepages are using Gmail addresses and the https format is rarely seen.
Comparitech said that its head of cybersecurity research Bob Diachenko found a database in August containing the personal information of travelers to the country but noted that the leak was “quickly” plugged by authorities.
Name, passport number and residency status exposed
However, he said “any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident,” including their name, passport number and residency status.
Comparitech said Diachenko also found his own name and details about his entries into Thailand on the database, which contained information dating back to 2011.
Thai authorities were informed on August 22 and secured the data the following day.
“We do not know how long the data was exposed prior to being indexed,” the report said.
Thai authorities “maintain the data was not accessed by any unauthorised parties,” it added.
Thailand’s Cyber Crime Investigation Bureau said it was unaware of the incident but was looking into it.
Not a singular case
While the Thai authorities are playing down the leak, it is in fact only one of many such cases. In June, a government website for foreigners to sign up for a coronavirus vaccine was found to be revealing the names and passport numbers of prospective recipients. The site was taken down soon after.
Also, the website where foreigners can do their regular 90-day reporting online was off the grid for months earlier this year due to security and configuration issues.
