Jump to content

Database containing personal info of 106 million international visitors to Thailand was exposed online


webfact
 Share

Recommended Posts

24 minutes ago, fdsa said:

A bit of technical detais: there is a piece of shít software called "MongoDB" which was created by some IT student on vacation, having no knowledge in informational security or computer networks.

Fun facts:

- by default this database binds to all network interfaces it could find (not the usual 127.0.0.1 local address that all adequate databases would do) thus exposing itself to the Internet rather than the local net.

- by default this database has no authentication at all, thus giving any stranger that connects to the database a full access to all data inside. The authentication in this database is very untrivial to setup so even if you try to make some login and password you might make a mistake and still allow full access to all data inside.

- this database became very popular among the unexperienced programmers because it is BLAZING FAST (the reason is - this database simply stores all data in RAM and every single other database would be as fast if you would store its data in RAM too. But actually if your tables have a complex structure then MongoDB will work much slower than the other databases.).

- and because of that popularity you could see those multi-gigabytes leaks found every single day.

 

 

 

Finally someone who knows what they're talking about.

 

I wish the industry standard would stop using MongoDB and switch to MySQL but then again, no matter how tightened and hardened the DB server is, there's no cure against SQL injections and cross site scripting kiddies due to "poor code" on the developer's end just as there will NEVER be anything really secure in this World as long as you'll have idiots using "123456" or "password" as... you guessed it... password.

 

I must admit binding a listening daemon with 0.0.0.0:* as ACL on a publicly not firewalled IP address is pretty reckless though, if not downright stupid.

 

But then again this is Thailand, nothing surprises me anymore here.

 

 

 

  • Like 2
Link to post
Share on other sites

7 hours ago, trainman34014 said:

Similar thing happened to me three years ago when i was given someone else's papers.    I've also had my name spelt wrong on many occasions on Bank Letters and Bank Books even after it's taken them half an hour to produce them and three different people involved.  Naturally it takes another half an hour to rectify things, no apologies, only giggles.  Thai Banks are the most inefficient i have ever come across anywhere on The Planet !

Same in all walks off life hear .if your mum dad or family work at a bank you get a job if your dad is police so are you .no matter what your education 

Link to post
Share on other sites

9 hours ago, webfact said:

An unsecured database containing international travel records dating back 10 years was left exposed on the web

Me thinks they need to get someone with cyber security knowledge in quickly and start training them beyond kindergarten level.

  • Like 1
Link to post
Share on other sites

7 hours ago, trainman34014 said:

Similar thing happened to me three years ago when i was given someone else's papers.    I've also had my name spelt wrong on many occasions on Bank Letters and Bank Books even after it's taken them half an hour to produce them and three different people involved.  Naturally it takes another half an hour to rectify things, no apologies, only giggles.  Thai Banks are the most inefficient i have ever come across anywhere on The Planet !

Conversely if a Thai person [or any other nationality for that matter] went to a bank in your home country, and requested a document printed in Thai script, would they be able to do it flawlessly?

  • Like 1
Link to post
Share on other sites

Yes, if it was one of the languages supported by the printer.  The instructions on how to print would be in my home country language so easy to do, just select the language, as it should be in Thailand. 

  • Like 2
Link to post
Share on other sites

6 hours ago, HeijoshinCool said:

.

 

Meh, commented the PM, we don't care, because....

 

We're now only going after affluent big spenders. Peons can go somewhere else. Try the Philippines.

 

Did I mention we are opening for tourism on October 1st?

Friends at immigration are expecting the yearly amount of 800,000 for ret to be  recalculated and but up to between 1 million and 1,500.000. Just talk at the moment, but with their efforts to get big money spenders in and one beer every 5 hours bar flies out. Ha!

Link to post
Share on other sites

14 minutes ago, Ginner said:

Friends at immigration are expecting the yearly amount of 800,000 for ret to be  recalculated and but up to between 1 million and 1,500.000. Just talk at the moment, but with their efforts to get big money spenders in and one beer every 5 hours bar flies out. Ha!

And these friends have connections to those who can enact such changes? I would see such a change as a simple effort to get more people to pay agents to arrange retirement extensions. 

Edited by jacko45k
  • Like 1
Link to post
Share on other sites

7 hours ago, kotsak said:

I never had spam calls and SMS bothering me for the past 10 years until I started registering for the vax programs..  😕

that’s a coincidence. I didn’t receive Thai related email spam from ‘Asian girl looking for fun’, until I signed up for thai visa!

  • Haha 2
Link to post
Share on other sites

27 minutes ago, Uroller said:

And your point is😩

That a lot of people think that they and their country are way better then here and that is doubtful. You hear people complaining about an App not working, saying the developers are dumb while they are too stupid to click the upload button. 

I do agree that there are Websites and Apps here that should be working a lot better and safer but that is the same in other countries.

Edited by FritsSikkink
  • Haha 1
Link to post
Share on other sites

8 hours ago, ThailandRyan said:

Had my second vaccination at MedPark hospital on last Thursday.  When my 30 minutes was up the nurse took my blood pressure and handed me what I thought was my vaccination certificate. It was all in Thai, and then I noticed the birthdate was for someone born in 1988 and was a female.  I went back to the nurse and showed her the certificate and she apologized, but could not find my actual certificate.  Another was then re-printed for me.  Question is does the lady whose certificate I was given have mine or one of a hundred others getting their vaccination that day.  No one bothers to check what they are handing out it appears.  My doctors office hands me the paperwork while still holding on to it and asks me to verify the information is mine and is true and correct.  I then have to sign the bottom of the top copy then review the copy being given to me and then they put the paperwork in an envelope and hand me the slip to give to the cashier.......Not all things are equal it appears from hospital to hospital and when you have a mass amount of folks it appears folks get complacent, just like whoever left the database unlocked for immigrations travelers.....

I was vaccinated, second jab, a week ago and still don't have the certificate as their computer system wasn't working. I was told I will get it sometime, somehow, somewhere. I really, really have no idea how Thailand manages to function at all as so many things don't work and so many people really have no idea what they are doing. It's like dealing with 7 year olds.

Link to post
Share on other sites

By now they have all our information with all the data leaks here and elsewhere around the world.

 

A good thing you can do is invest in a password manager.

 

 

Link to post
Share on other sites

5 minutes ago, FritsSikkink said:

That a lot of people think that they and their country are way better then here and that is doubtful.

With my more than 10 years experience working in IT and a bit of infosec lately I could say that it is not even doubtful but absolutely clear that all countries have awful gaping holes in their computer systems and all countries have ignorant programmers having no clue (or giving no <deleted> about) what they are doing.

And the closer to the government the worse the computer systems and programmers are, because they usually get contracts for being someone's relative and not for being a good programmer.

  • Like 1
Link to post
Share on other sites

8 hours ago, FritsSikkink said:

Since Comparitech has published many data incident reports and the transgressions are publisized and easy to find, as you have shown , then IMO the Thai government should not had used them. 

If you were in charge of safeguarding such personal information for the public, would you have used them?

At best the Thai government can claim ignorance IMO.

Link to post
Share on other sites

39 minutes ago, FritsSikkink said:

That a lot of people think that they and their country are way better then here and that is doubtful. You hear people complaining about an App not working, saying the developers are dumb while they are too stupid to click the upload button. 

I do agree that there are Websites and Apps here that should be working a lot better and safer but that is the same in other countries.

I never picked that sentiment up from the posts, just the fact of the information leak😩

  • Like 1
Link to post
Share on other sites

50 minutes ago, FritsSikkink said:

That a lot of people think that they and their country are way better then here and that is doubtful. You hear people complaining about an App not working, saying the developers are dumb while they are too stupid to click the upload button. 

I do agree that there are Websites and Apps here that should be working a lot better and safer but that is the same in other countries.

Ah THAT'S why the ninety day report site is a steaming pile of poopoo, it's all my fault! (how Thai is that!) I didn't press the upload button. I feel a hot rush of shame followed by great relief!

To which office should I report to to prostrate myself and offer deep apologies?

  • Haha 1
Link to post
Share on other sites

9 hours ago, trainman34014 said:

Similar thing happened to me three years ago when i was given someone else's papers.    I've also had my name spelt wrong on many occasions on Bank Letters and Bank Books even after it's taken them half an hour to produce them and three different people involved.  Naturally it takes another half an hour to rectify things, no apologies, only giggles.  Thai Banks are the most inefficient i have ever come across anywhere on The Planet !

Maybe they spell thai names better in thai.  English is not their first language….guess you forgot.  “My friend you” should remind you.  🙂

Link to post
Share on other sites

1 hour ago, Bangkok Barry said:

I was vaccinated, second jab, a week ago and still don't have the certificate as their computer system wasn't working. I was told I will get it sometime, somehow, somewhere. I really, really have no idea how Thailand manages to function at all as so many things don't work and so many people really have no idea what they are doing. It's like dealing with 7 year olds.

The same happened to my mate but he got a call and picked up his vaccination card properly prepared.  Maybe back home in your country they go things better.  Oh but you choose to diss Thailand for all its flaws.  Pension goes along way here.  Price you pay for misspellings

Edited by Bkktodd
Link to post
Share on other sites

4 minutes ago, ThLT said:

Anyway to see if your data is part of that 106 million???

Well lets see the OP says the data going back 10 years for those entering Thailand was taken pretty much says that anyone who has entered during the past 10 years has been exposed.  Of course that is just my view from reading the OP and article.

 

"An unsecured database containing international travel records dating back 10 years was left exposed on the web"

The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more.

Edited by ThailandRyan
Link to post
Share on other sites

3 minutes ago, ThailandRyan said:

"An unsecured database containing international travel records dating back 10 years was left exposed on the web"

The personal details of more than 106 million international travelers to Thailand were exposed on the web 

There have been more than 106 million travellers in Thailand, especially in 10 years. Before COVID, there were 30-40 million per year.

 

So there's around a 1/3 chance that we are on there.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...