Personal details of hundreds of foreigners in Thailand leaked online

[sandrabbit]

It was mentioned before that any Thaivisa users who innocently clicked on that site to look at it as it was posted about multiple times last night may be subject to legal issues. Is that really a concern?

I mentioned that as a concern. Probably not a big concern but they may be digging through the IP records of who accessed it to find the original source of the hack. Forgot to turn my VPN on before looking and before knowing what was going on.

Does your VPN hide the websites you visit from your internet provider ? Most don't. They hide the content you view by encrypting it, but not the URL of the sites visited. Which is why TOR has gained in popularity - does that hide websites visited, anyone know ? (no geek here!)

with my VPN the ISP they see the output of the VPN server. There is not a log made of the input to the server to match the output.

INFO USES

• E-mail address is used to send subscription information, payment confirmations, customer correspondence, and Private Internet Access promotional offers only.
• Payment data is used to manage client signups, payments, and cancellations.
• Google analytics data is used to improve our website.
• Apache webserver logs are regularly pruned and are created by the webserver. No usernames or passwords are ever logged by the webserver.
• Contact submissions and e-mails will be used for correspondence.
• Temporary cookies are used to handle control panel logins.

PrivateInternetAccess.com does not collect or log any traffic or use of its Virtual Private Network ("VPN") or Proxy.

https://www.privateinternetaccess.com/pages/how-it-works/

I use identitycloaker, and have done for about 5 years, and have bypassed censorship in China, Iran, Egypt, Brunei and a few more. I started using it to be able to watch BBC Iplayer abroad and have found it useful for a few more things later. It's useless in Thailand as the external connection has now gone so slow I'm going to switch to the cheapest TOT package, have the best fibre to house in Rayong but it's just pointless for anything outside of Thailand as even filmon has started to lag.

[Thian]

The only thing they learn at university when studying IT is <Ctrl><a>, <Ctrl><c> & <Ctrl><v>.

You can become a system administrator within 6 months, don't have to have any English knowledge. The books (NT 4.0 version 2001) are in English and in plastic, and still sold as new .

Exams you don't have to pass, after 6 months course you have your degree automaticly...

Cost for this course is 120,000 THB. A System Administrator makes between 40k and 500k per month in Thailand.

I have all those certifications and it wasn't easy to get them...in english of course. No doubt a Thai would never pass those exams, also in my group not many passed.

But using a strong password is something anybody could think of.

MCSA or MCSE ???

Any where in the world MCSE Windows NT isn't possible to gain certificates anymore except in Thailand.

Last week I had a job interview for my company and that guy was proud that he was MCP (Microsoft Certified Professional) since Jan 2016 for XP Professional. When I asked him what his knowledge was on Linux systems was (what we were looking for and for PHP developpers) he didn't know what I was talking about. He just answered that he only had little experience with using Frontpage and OSCommerce.

MCP is now being replaced with MSTS (Microsoft Certified Technology Specialist)

But we're on Linux. (www.paibkk.com)

MCSE+i (internet) since 1999 iirc. And also more IT-courses.

NT is from 1900, i didn't even have a cellphone or notebook by then

Thailand is far behind the rest of the world.

[johnatong]

sandrabbit

"I use identitycloaker, and have done for about 5 years, and have bypassed censorship in China, Iran, Egypt, Brunei and a few more. I started using it to be able to watch BBC Iplayer abroad and have found it useful for a few more things later. It's useless in Thailand as the external connection has now gone so slow I'm going to switch to the cheapest TOT package, have the best fibre to house in Rayong but it's just pointless for anything outside of Thailand as even filmon has started to lag."

Not an experience shared by everyone !

I only have an ADSL connection but can access and watch what I wish even when using a VPN

[mrmicbkktxl]

One thing I haven't seen made clear in any of this:

Was this little project just the brainchild of the wild hair Immigration commander in the South and it was meant to only cover the South?

Or, is this part of some broader project that the national Immigration folks are undertaking to develop this kind of tracking database nationwide?

You'd think, some of the reporters pursuing this story might have asked that question.

It's the first phase of a complex project. This was the trial of Phase One.

I cannot disclose too much about the project, but Phase Four includes inserting a microchip under the traveller's skin, so that when he moves around Thailand that map becomes interactive.

Just like GPS and Google Maps in your car.

I think not really a funny subject,it's kind of dangerous.This Akram is a muslim,he can easy sell the data to his friends or anybody else.In times of IS that would even make sense.Somebody should sue the immigration,and inform international news.If really something happens immigration is responsible for that

[Transporter]

Everything you do in Thailand requires copy of passport, home address etc, so whats the panic about???

Foreigners with something to lose becoming targets of criminals maybe?

[Transporter]

I didn't check to see if my name was on there, I was too busy digging a crocodile filled moat around my house.

[Squeegee]

Once it was about what we get up to with the women that made us undignified, but at least that was our own fault. Working for Thai employers is undignified, as is the jumping through the bureaucratic hoops. Even walking down the street or drinking in their bars can lead to being undignified as they make you pee in cups and show your papers.

These days it seems just being in Thailand is like having no dignity.

They don't deserve us. Bring on more Chinese.

[Emster23]

Big Brother really IS watching you

This screw up allows little brother to watch you too! Will poster be charged with computer crimes act? Can pigs fly?

[johnatong]

Once it was about what we get up to with the women that made us undignified, but at least that was our own fault. Working for Thai employers is undignified, as is the jumping through the bureaucratic hoops. Even walking down the street or drinking in their bars can lead to being undignified as they make you pee in cups and show your papers.

These days it seems just being in Thailand is like having no dignity.

They don't deserve us. Bring on more Chinese.

You must drink and walk in some dodgy places !

I have never experienced anything such as you describe.

My dignity remains intact !

[Transporter]

Web site removed last night after being hacked. (The admin password was ..... . . . .. 123456.)

The site developer who had the live site with information supplied by the Immigration Dept is not answering emails or replying to requests for interviews.

Would love to be a fly on the wall when this gets discussed in various meetings at the Immigration Dept over the next few days

The trouble is when the staff of Internet suppliers set things up they often start off with 123456 as the password and tell you to change it to the one you want when they have gone. It is then the responsibility of the person in charge to make sure the change is done. So who was it that felt this wasn't important enough because we are only ALIENS?

[silverhawk_usa]

Just thinking about who has this same information on me, including my passport number or copies of my passport.

• The electric company, phone company, mobile phone provider, internet provider, True Visions and of course my banks
• Some landlords and Real Estate agents.
• Every dealer that I have purchased a motorcycle or car from in the past 12 years in Thailand.
• Land Transport Office.
• I don't use them, but Visa agents would if I did.
• Many hotels or guesthouse I stayed in while traveling.
• My car insurance, motorcycle insurance and health insurance companies.
• A number of hospitals.
• Online purchases where I provide my address and credit card numbers. Yes, some even requested a copy of passport.
• Although not as common here, every time I gave someone a check, they got my address AND MY CHECKING ACCT NUMBER.

I could probably think of more if I really tried. YES, it is wrong to have your information posted on their website. Yes, they screwed up and someone should be held accountable. But I can't believe the paranoia of someone getting your information. Any one of the above I mention, or their staff, or hackers, could also be using and selling your information that you freely gave. The sky isn't falling because of this immigration website.

[Tywais]

I removed a partial quote from Bangkok Post and the ensuing argument it created.

[Squeegee]

Once it was about what we get up to with the women that made us undignified, but at least that was our own fault. Working for Thai employers is undignified, as is the jumping through the bureaucratic hoops. Even walking down the street or drinking in their bars can lead to being undignified as they make you pee in cups and show your papers.

These days it seems just being in Thailand is like having no dignity.

They don't deserve us. Bring on more Chinese.

You must drink and walk in some dodgy places !

I have never experienced anything such as you describe.

My dignity remains intact !

It's known as reading news stories. When you're done wasting so much energy on your self-satisfied smilies you might want to try it sometime.

[thaihome]

Just a small point.

t was not the Web developer or immigration that posted the data and the password for the Web site. Until whoever found it published the information, nobody knew about it. Wouldn't it have much more responsible for whoever found the Web site to have notified the developer and immigration of the potential breech?

It's seems sorta like finding out your next door neighbor forgot to lock their front door and you opening it, going inside and turning all the lights on, then stand on street and tell everyone that walks by the house is open, go on in and help yourself.

Just my perspective..

TH

[DeepInTheForest]

the website has been taken down now but how many wayback machines are still holding the info. also the info was posted to a google spy ware map. they arent going to deleted that any time soon.

my interest, i am currently in the south in an area that has been target by terrorist bombs not too long ago.

the good news i wasnt on the map or data base, more a map of long termers than casual drifters like me. possibly only workers as i didnt see any with retired as occupation as by a casual perusal. many Philippians among them.

ps was all written in thai, which i can read.

Good to know the Philippians are still around. Haven't heard much from them lately.

https://en.wikipedia.org/wiki/Epistle_to_the_Philippians

[lkv]

Just a small point.

t was not the Web developer or immigration that posted the data and the password for the Web site. Until whoever found it published the information, nobody knew about it. Wouldn't it have much more responsible for whoever found the Web site to have notified the developer and immigration of the potential breech?

It's seems sorta like finding out your next door neighbor forgot to lock their front door and you opening it, going inside and turning all the lights on, then stand on street and tell everyone that walks by the house is open, go on in and help yourself.

Just my perspective..

TH

Well, they can play around with that argument.

But I'll tell you one thing.

The other breach today that nobody has been discussing involved unsecured access straight on the xxx Ministry's server. No password no nothing.

Curious if the papers will pick this up tomorrow. They probably won't. No way they can twist that around.

As many people can remember, Anonymous has also hacked plenty of Government websites in January/February this year as a response to the Koh Tao Verdict.

So as others have stated, security is not really what people would expect it to be.

Edited March 28, 2016 by lkv

[crazydrummerpauly]

It was mentioned before that any Thaivisa users who innocently clicked on that site to look at it as it was posted about multiple times last night may be subject to legal issues. Is that really a concern?

I mentioned that as a concern. Probably not a big concern but they may be digging through the IP records of who accessed it to find the original source of the hack. Forgot to turn my VPN on before looking and before knowing what was going on.

Isn't the use of a VPN illegal in Thailand as well?

Almost everything is, strictly speaking !

[lkv]

Ok so I believe it is now safe to reveal the other data breach I was talking about earlier.

https://www.facebook.com/thainetizen/photos/a.10150109699603130.289409.116319678129/10154096690983130/

As far as it's understood at this stage, travelers details have been exposed including: Name, Passport number, Flight number, Seat number, countries visited before, Address in Thailand, and in some cases Thai phone number and email address.

It seems to apply to anybody that had an Ebola screening required when arriving in Thailand in at least the last year or two.

Edited March 28, 2016 by lkv

[BudRight]

There will be no consequences for the same reason this was online in the first place.

Thais simply do not care about these things.

[Gutenberg]

Just thinking about who has this same information on me, including my passport number or copies of my passport.

• The electric company, phone company, mobile phone provider, internet provider, True Visions and of course my banks
• Some landlords and Real Estate agents.
• Every dealer that I have purchased a motorcycle or car from in the past 12 years in Thailand.
• Land Transport Office.
• I don't use them, but Visa agents would if I did.
• Many hotels or guesthouse I stayed in while traveling.
• My car insurance, motorcycle insurance and health insurance companies.
• A number of hospitals.
• Online purchases where I provide my address and credit card numbers. Yes, some even requested a copy of passport.
• Although not as common here, every time I gave someone a check, they got my address AND MY CHECKING ACCT NUMBER.

I could probably think of more if I really tried. YES, it is wrong to have your information posted on their website. Yes, they screwed up and someone should be held accountable. But I can't believe the paranoia of someone getting your information. Any one of the above I mention, or their staff, or hackers, could also be using and selling your information that you freely gave. The sky isn't falling because of this immigration website.

Only because you give away your personal data so freely doesn't mean everybody needs to do it or be okay with it.

[jspill]

Glad now that I always gave immigration a fake address when doing extensions or 90 day reports.

[johnatong]

Glad now that I always gave immigration a fake address when doing extensions or 90 day reports.

Along with the fake rental agreement, the fake landlord ID and fake landlord Tabian Baan ?

[jspill]

Glad now that I always gave immigration a fake address when doing extensions or 90 day reports.

Along with the fake rental agreement, the fake landlord ID and fake landlord Tabian Baan ?

Never had to show those, sonny jim.

[JLCrab]

I'm not worried that someone with evil intentions might have my actual street address (not PO Box) -- none of the taxi drivers can ever find it and the bad guys probably wouldn't be able to find it either.

[lvr181]

Then Maj. Gen. Thanusilpa would have no problem in publishing the same details of the Military and Police personnel?

I guess he does not understand "identity theft"? For a Police Maj. General that is inexcusable not to understand those implications.

Edit: Added one word

Edited March 28, 2016 by lvr181

[Ajahnski]

Hmmmm, well a safe railway ain't been sorted, kids driving motorised vehicles ain't been sorted, Gov offices doing different stuff ain't been sorted, bars run/worked by farangs with no WP ain't been sorted, so why should computer security be sorted..

Considering how often there are major breaches of government (including the US State Dept and National Security Agency), banking, credit card etc. computers around the world, computer security isn't all that great anywhere. Just ask Edward Snowden.

Yes, but at least those agencies attempt to keep data secure. Also, there is a big difference between those US agencies that get literally thousands of attacks per day and this site that was never attacked because everything was left in the open!

For the prior comment, two wrongs don't make a right. Just because they can't figure anything else out is no excuse to have opened this huge security breach. It is, however, good evidence that this entire place is so screwed up that the entire slate needs to be wiped and start over.

[Thian]

Once it was about what we get up to with the women that made us undignified, but at least that was our own fault. Working for Thai employers is undignified, as is the jumping through the bureaucratic hoops. Even walking down the street or drinking in their bars can lead to being undignified as they make you pee in cups and show your papers.

These days it seems just being in Thailand is like having no dignity.

They don't deserve us. Bring on more Chinese.

You must drink and walk in some dodgy places !

I have never experienced anything such as you describe.

My dignity remains intact !

It's known as reading news stories. When you're done wasting so much energy on your self-satisfied smilies you might want to try it sometime.

Just go out in Thonglor and carry a backpack.

But he´s a newbie, probably also will get scammed first by those guys who want to show you their house and play some gamblegames.

[jesimps]

Is anyone surprised? Every junta worldwide does and has done this, in paper files before computerisation. Juntas are neurotic. Fact!

Edited March 29, 2016 by jesimps

[gandalf12]

It was mentioned before that any Thaivisa users who innocently clicked on that site to look at it as it was posted about multiple times last night may be subject to legal issues. Is that really a concern?

The only people that legal action should be taken against are the people responsible for the site security. A bunch of incompetents

[thaihome]

The only people that legal action should be taken against are the people responsible for the site security. A bunch of incompetents

So when somebody robs your house its your fault because your security was not good enough, including accidently leaving your front door unlocked. And the cops should arrest you.

TH

Edited March 29, 2016 by thaihome