
It gets worse! Thailand Intervac website taken offline after data leak


Jonathan Fairfield


16 minutes ago, sqwakvfr said:

If Richard Barrow had not made this public when would the Thai Government have admitted to this?  I would like to thank Richard Barrow for informing the expat community about this gigantic failure.  

Because the Thai government appreciates it so much when a farang calls them out and they lose face. Surely Richard could have spoken to one of his government contacts to let them know; usually between 45-120 days notice is given before public disclosure of a bug.


3 hours ago, IvorBiggun2 said:

Sorry to squeeze this in but I dunno where to ask. Some farang the other day posted a photo of himself receiving his Covid injection. Anyone know which thread it was on? Reason why I ask is because a  senior nurse at my local hospital refuses to believe farangs are getting the vaccines. Her hospital has a 'no farang' policy.

Weren’t there 4 farang in Korat that made one of the national newspapers with a photo of them getting vaxxed. About 5/6 days ago.

 

government wanted to show that their farang vaccination project was in full swing and those 4 were the hand picked specimens.


3 hours ago, kynikoi said:

 

Name and passport have been floating around forever if you travel. Photocopy first pages of the passport details. The address in Thailand is relatively unimportant I think as is the phone number.

 

Largest issue is the DOB.

I travel. I’m not aware that my name and passport details were available to random people logging on to a website?

 

companies had the details, such as airlines, hotels, websites I used to make reservations, IO officers I showed the passport to at the airport, but a guy sitting in a room in Nakhon nowhere looking for data that can be used for illegal activities, nope, I don’t think that was the case.
 

Of course, the companies that I used for reservations were all pukka companies with confidentiality contracts, not a guarantee I know, but I was comfortable with it.

 

why would passport and name details be “floating around”?


2 hours ago, Neeranam said:

But you still have to show a passport to get into the USA, don't you?

 

Internet security is pretty good these days. I don't mind if anyone gets my passport number and email/address. 

I think there is a need to take care with those kind of details. They can be used for phishing so that more information is gained, and that is then used to get yet more information and so on until people can impersonate you online or irl and get access to bank accounts, apply for credit cards in your name etc.

 

not all the information needs to be obtained in one go, it’s a softly softly catchee monkey kind of exercise.

 

and information gained from this thai website can be sold overseas to some pretty sophisticated criminals. 
 

imho anyway.


12 minutes ago, wensiensheng said:

why would passport and name details be “floating around”?

because sometimes the personal information such as passport scans is protected by password like "admin" or "12345".

and very often is not protected at all, google for "mongodb leak" - it is a popular database engine intentionally created without any password in the default configuration.


Just now, fdsa said:

because sometimes the personal information such as passport scans is protected by password like "admin" or "12345".

and very often is not protected at all, google for "mongodb leak" - it is a popular database engine intentionally created without any password in the default configuration.

So companies like, say, booking.com, British airways, Agoda etc, might have the information hacked from them by every Tom, Dick and Harry.

 

is that what you are saying?


4 hours ago, Jonathan Fairfield said:

Just when you thought the process for foreigners in Thailand to register for a COVID-19 vaccine online could not get any more shambolic, the website used for registrations was abruptly taken offline on Monday due to a purported data breach.

 

More in thousands of examples of this world class Thai response so many posters keep telling us about

4 minutes ago, wensiensheng said:

So companies like, say, booking.com, British airways, Agoda etc, might have the information hacked from them by every Tom, Dick and Harry.

 

is that what you are saying?

not literally every Tom or Dick, but an average high-school IT specialty student might do. They need to know just how to scan the whole internet for open ports and how to use a database client to check the empty password or something like "admin:admin".

1 hour ago, KhaoYai said:

Are there any Thai government websites that do work?

Usually the best working part is the home pages with the full page pics and the big ENTER button which is about all anyone here cares about anyway. It's the look that counts


9 minutes ago, simon43 said:

I love the bug report webpage on that website.  At the bottom of the page it says:

 

"Some bugs on the websites may not safe for other, So please report us immediately and don't share it to public that would help."

 

That bug report feature was definitely a much needed addition. 


21 minutes ago, fdsa said:

not literally every Tom or Dick, but an average high-school IT specialty student might do. They need to know just how to scan the whole internet for open ports and how to use a database client to check the empty password or something like "admin:admin".

I see. Hopefully the bigger, more security conscious companies avoid using common passwords such as admin.

 

but I can see how a small one man band type outfit might be caught out. Or even a medium size outfit.

 

anyway, no need for that password rigamarole now, the Thai government made them freely available for anyone quick enough to access them.

and imagine, that all diplomatic corps, the UN officials all had to register through this website and that all their sensitive info is leaked and at mercy of local and international mafias.

Ransom in such cases are in $mln.

They have to change their homes pronto.

Thai cop assigned for each for their security is really now enough  


4 minutes ago, internationalism said:

and imagine, that all diplomatic corps, the UN officials all had to register through this website and that all their sensitive info is leaked and at mercy of local and international mafias.

A certain communist party not that far away would have been taking notes that's for sure.


3 hours ago, wensiensheng said:

I see. Hopefully the bigger, more security conscious companies avoid using common passwords such as admin.

the outsourced coders of the bigger and more security conscious companies download production databases for development purposes, and then upload these databases to Amazon VPS because it is more comfortable than extracting a large database on their own laptop. Guess which password they use on that development VPS?

 

I've seen things you people wouldn't believe ©


never trust a Thai to do anything right. period. i have these little encounters with them on a daily basis. it's just one disappointment after another. they simply are wired differently. this plays out on many levels. they do not get it and never will. it all starts early. i would suggest reading Piaget.


I got so fed up trying to register on these sites I jumped into my car to my local government hospital and registered there and then. The car journey and registration took less than an hour, far quicker than the 3 hours I spent on my computer. Now I have to wait my turn for confirmation of my appointment, but as the hospital told me, they have to vaccinate the Thai residents first, which I fully understand.


This Barrow guy seems to have made a bad situation a lot worse. Why did he not simply inform the site and government of the glitch rather than inform all and sundry on the web that the loophole existed, thus giving the criminal fraternity the heads up to get in lads!

