Data leak on thailandintervac.com was an error caused by system maintenance

[webfact]

 

Thai government released a statement apologising for the “temporary glitch” on the thailandintervac.com vaccination booking website, explaining the error was due to urgent system maintenance.

 

Hours after the website was launched, several members of the expat community in Thailand reported that they could see and edit personal information of other registrants, appearing on the web page. It was taken offline soon after the issue arose.

 

Natapanu Nopakun, Deputy Spokesperson for Thailand’s Foreign Affairs Ministry said that the “temporary glitch” was addressed immediately by the Public Health Ministry (MoPH). The MoPH explained that the developer was updating the system on Monday afternoon, to ensure it could accept a large number of registrants, who are foreigners living in Thailand and wishing to get the vaccine.

 

-- © Copyright Thai PBS 2021-06-16

 

- Whatever you're going through, the Samaritans are here for you

- Follow Thaivisa on LINE for breaking COVID-19 updates

[holy cow cm]

1 minute ago, webfact said:

Thai government released a statement apologising

Now Government of sorry. And you can take that 2 ways.

[ThailandRyan]

So in other words, just a misunderstanding, brake failure, or not my fault.....What are you:

7 minutes ago, webfact said:

Natapanu Nopakun, Deputy Spokesperson for Thailand’s Foreign Affairs Ministry

Going to do about it?

Edited June 16, 2021 by ThailandRyan

[mtls2005]

Thailand 4.0 needs a diaper.

[tgw]

Quote

The MoPH explained that the developer was updating the system on Monday afternoon, to ensure it could accept a large number of registrants, who are foreigners living in Thailand and wishing to get the vaccine.

 

aah the old "if it wasn't for the foreigners, it wouldn't have happened"

 

and no, "system maintenance"  doesn't cause data leaks through the front end.

[Phuketshrew]

A "developer" conducting system maintenance on a live system just hours after it has been released? Absolutely clueless.

[Caldera]

In some cases they would really look wiser if they refrained from "explaining" things. This is such a case.

[Pravda]

3 minutes ago, Caldera said:

In some cases they would really look wiser if they refrained from "explaining" things. This is such a case.

 

Why, I like it.

[Excel]

And the reason it is still not working now is what  1) System maintenance is still ongoing by incompetent people ? 2 ) System maintenance has been undertaken wrongly so that the software is now corrupted totally or 3) Simply government lies ?

[canopus1969]

It's called incompetence - perid !

[internationalism]

data leak was exposed on Sunday at 2pm by andrew macgregor marshall.

some claim to see it several days ago.

some claim they had chance to see all data.

Not sure, why foreign ministry has to lie? that website and this matter is in competence of health ministry.

It it because also diplomatic corp and the UN workers data was exposed? All of them had to register through this website.

If criminals, terrorists will get hold of those addresses it will have serious consequences 

[richard_smith237]

thailandintervac.com - was an error - just leave it at that. 

 

It didn’t work properly, drop down menus didn’t function, it was not tested before it was released.

 

It is a perfect example of ‘incompetence’.... lets face it, every App the government releases doesn’t work because they do it on the cheap and use inexperienced and incompetent people who do not know what they are doing. 

 

There was never any reason to use it...    Mor Promt App was working, they could simple open up the language options (to English) and open it up for non-Thai’s and accept passports etc

 

There was never any reason for a separate ‘vaccine reservation system’ other than ‘ensuring Thai’s’ got the vaccine first, which IMO is very wrong. It is important that everyone is vaccinated.

 

 

 

Edited June 16, 2021 by richard_smith237

[rabas]

7 minutes ago, internationalism said:

data leak was exposed on Sunday at 2pm by andrew macgregor marshall.

some claim to see it several days ago.

some claim they had chance to see all data.

Not sure, why foreign ministry has to lie? that website and this matter is in competence of health ministry.

It it because also diplomatic corp and the UN workers data was exposed? All of them had to register through this website.

If criminals, terrorists will get hold of those addresses it will have serious consequences 

 

So Andrew MacGregor announces it to the whole world and all it's criminals, but does not push the very prominent report bugs button at the bottom of the main page.

 

Edited June 16, 2021 by rabas

[Golden Triangle]

3 minutes ago, rabas said:

 

So Andrew MacGregor announces it to the whole world and all it's criminals, but does not push the very prominent report bugs button at the bottom of the main page.

 

There was no " Report Bugs" button prior to this incident. ????

[internationalism]

5 minutes ago, rabas said:

 

So Andrew MacGregor announces it to the whole world and all it's criminals, but does not push the very prominent report bugs button at the bottom of the main page.

 

report bug was only added to this website, after it was shut down on monday afternoon. 

The only operating function on this website is reporting bug.

Most likely programmers had a very long weekend, left site unattended, came back on Monday noon and were ordered by the foreign ministry to shut it down

Edited June 16, 2021 by internationalism

[jacko45k]

Just now, Golden Triangle said:

There was no " Report Bugs" button prior to this incident. ????

There was but it didn't work....

[rabas]

2 minutes ago, Golden Triangle said:

There was no " Report Bugs" button prior to this incident. ????

 

There was one when I signed up on the 7th. I remember thinking about reporting a few things. It was made more prominent later.

[clivebaxter]

11 minutes ago, rabas said:

 

So Andrew MacGregor announces it to the whole world and all it's criminals, but does not push the very prominent report bugs button at the bottom of the main page.

 

why help a regime that last week tried to get his fb page banned and would probably jail him for life if he ever came back?

[Golden Triangle]

8 minutes ago, rabas said:

 

There was one when I signed up on the 7th. I remember thinking about reporting a few things. It was made more prominent later.

I have to be honest & say I didn't see one, it was mentioned by more than a few members that reported a 'New' report button when the site was reopened after the debacle.????

[RotBenz8888]

And now the immigration... 

 

 

???? URGENT WARNING: Are you using the online form to book an appointment at Bangkok Immigration? You should be aware of a data breach that exposes all of your personal data such as passport number, nationality, date of birth, email, telephone number, visa expiry date etc.

The Immigration data breach is NOT a hack. All you have to do is change certain characters in the URL of your completed booking form to see data for other people. I am sure a high school student could write a simple script to mine all of this data going back years. 

The Immigration data breach affects anyone who has ever used this website: http://203.151.166.132/immigrant_queue/booking to book an appointment for Immigration offices in Bangkok. 

#Bangkok #Thailand

 

https://www.facebook.com/100044288176713/posts/351612566325013/

Edited June 16, 2021 by RotBenz8888

[rabas]

2 minutes ago, Golden Triangle said:

I have to be honest & say I didn't see one, it was mentioned by more than a few members that reported a 'New' report button when the site was reopened after the debacle.????

 

I remember it being inside after entering the system. It was later made prominent on the front page after the issue.  I struggled like others for days although I was successful on the first day and again later when they lost data and menus stopped working for some. As a programmer myself, I worked hard to understand the bugs and posted a few hints, including the Unix origin of Jan 1 1970. 

 

As a master bug maker, I thought about giving them feedback. I can't imagine thinking about that if I had not seen a way to do it. Having said all that, I could be wrong.

[Fex Bluse]

33 minutes ago, rabas said:

 

So Andrew MacGregor announces it to the whole world and all it's criminals, but does not push the very prominent report bugs button at the bottom of the main page.

 

 

Actually, the very best thing to do in this case, especially considering Thailand, is to make the public aware. Public awareness and pressure is the best remedy to get it resolved as quickly as possible.

[ThailandRyan]

9 minutes ago, RotBenz8888 said:

And now the immigration... 

 

 

???? URGENT WARNING: Are you using the online form to book an appointment at Bangkok Immigration? You should be aware of a data breach that exposes all of your personal data such as passport number, nationality, date of birth, email, telephone number, visa expiry date etc.

The Immigration data breach is NOT a hack. All you have to do is change certain characters in the URL of your completed booking form to see data for other people. I am sure a high school student could write a simple script to mine all of this data going back years. 

The Immigration data breach affects anyone who has ever used this website: http://203.151.166.132/immigrant_queue/booking to book an appointment for Immigration offices in Bangkok. 

#Bangkok #Thailand

 

https://www.facebook.com/100044288176713/posts/351612566325013/

Ugly, and not funny.  What absurdity this is.

[tgw]

2 hours ago, Caldera said:

In some cases they would really look wiser if they refrained from "explaining" things. This is such a case.

 

yup.

there already is "mansplaining" things, but now we can certainly be sure that there is such a thing as "thaisplaining"

[johng]

52 minutes ago, RotBenz8888 said:

And now the immigration... 

Not the first time either.

[tgw]

1 hour ago, rabas said:

So Andrew MacGregor announces it to the whole world and all it's criminals, but does not push the very prominent report bugs button at the bottom of the main page.

 

as far as I understood, the bug design flaw reckless highschool-student-level programming had already been there for 24 hours before he posted it.

 

maybe authorities were alerted right away but did nothing until the news hit social media. as it is so often the case in Thailand.

 

and let's face it, when slightly changing the text on their ultra-simple page, they don't even manage to get the spacing and padding right. it seems like nobody cares.

 

 

looking a the page's source code,  they use tables for layout and inline styles. LOL.

of course, bootstrap and jquery are completely needed to display that page 555

 

and very cute, the DDC's email address has been hidden from view by wrapping it with HTML comment tags

 

Edited June 16, 2021 by tgw

[tgw]

1 hour ago, RotBenz8888 said:

And now the immigration... 

 

 

???? URGENT WARNING: Are you using the online form to book an appointment at Bangkok Immigration? You should be aware of a data breach that exposes all of your personal data such as passport number, nationality, date of birth, email, telephone number, visa expiry date etc.

The Immigration data breach is NOT a hack. All you have to do is change certain characters in the URL of your completed booking form to see data for other people. I am sure a high school student could write a simple script to mine all of this data going back years. 

The Immigration data breach affects anyone who has ever used this website: http://203.151.166.132/immigrant_queue/booking to book an appointment for Immigration offices in Bangkok. 

#Bangkok #Thailand

 

https://www.facebook.com/100044288176713/posts/351612566325013/

 

what a farce

[metisdead]

Troll posts have been removed. 

[Golden Triangle]

Hey hey Thailand the (new) hub of data leaks ????

[inThailand]

Maintenance? 

 

Testing? 

 

Two things I have never seen here.