430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Data of 106 million visitors to Thailand leaked online

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand. The expert discovered the unsecured database on August […]

Thailand data leak

Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand.

The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.

The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities, he noticed that some of the data stored in the archive date back ten years.

While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot.

The database was 200GB in size and contained several assets, including more than 106 million records.

Exposed records include full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers. 

Thailand data leak

“Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident. He even confirmed the database contained his own name and entries to Thailand.” reads the post published by Comparitech.

The good news is that no financial data was contained in the database.

It is not possible to determine how low the archive had been exposed before it was discovered, but Thai authorities told Comparitech that the data was not accessed by any unauthorized parties. 

Below the timeline for the discovery of database:

  • August 20, 2021- The database was indexed by search engine Censys.
  • August 22, 2021 – Diachenko discovered the unprotected data and immediately took steps to verify and alert the owner in accordance with our responsible disclosure policy.
  • August 23, 2021 – Thai authorities were quick to acknowledg the incident and swiftly secured the data.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Thailand)

[adrotate banner=”5″]

[adrotate banner=”13″]