Jump to content

Personal details of hundreds of foreigners in Thailand leaked online


Recommended Posts

Posted (edited)

Further underscoring the vulnerability of the site, some internet users also correctly guessed the password to enter the website’s management system: 123456. "

Genius.

Edited by Bluespunk
  • Replies 195
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Posted

Naahh... Less than a dozen Americans down south...

Yes, you guys are the center of the universe ! Anyway, 12 down and 345 million to go.

Posted

Hmmmm, well a safe railway ain't been sorted, kids driving motorised vehicles ain't been sorted, Gov offices doing different stuff ain't been sorted, bars run/worked by farangs with no WP ain't been sorted, so why should computer security be sorted..coffee1.gif

Considering how often there are major breaches of government (including the US State Dept and National Security Agency), banking, credit card etc. computers around the world, computer security isn't all that great anywhere. Just ask Edward Snowden.

Posted

As this Andrew MacGregor Marshall posted on Facebook, "the scariest part of the story is that Thai immigration officials gave freelance programmer Akram Aleeming highly sensitive data including names, addresses and passport details of foreigners in southern Thailand, so he could build his "test" system. That's where the real data breach occurred."

This Akram Alleging guy is supposedly a Computer Science from Thaksin University, and he uses the least secure "password" possible, and leaves personal information open because he "didn’t think anyone would find the website"??

It would be very interesting to know a LOT more about this "freelancer", including his address and passport number ;) It'd become a lot more interesting to know his political agenda too.....

Posted

“Many thanks to the person who cracked the administrator password of the website, and the person who used this password to access the site and delete all of the data. The website is now offline. Now we need answers on why this data was published in the first place,”

https://asiancorrespondent.com/2016/03/apparent-data-leak-leaves-foreigners-in-southern-thailand-anxious/

So the guy running this website and sensitive data uses a <deleted> password "123456" <deleted> this is kindergarten shit.

Posted (edited)

"It was unclear how long the site had been online. The website administrator took down the site at around 2am, according to digital advocacy group Thai Netizens. It also identified the website developer as a firm called Youngcyber Digital Technology, which is headed by a man named Akram Aleeming. The website for the firm was offline Monday.

Registrant Name: Akram aleeming
Registrant Organization: youngcyber
Registrant Street: 555/9
Registrant City: maunf
Registrant State/Province: sk
Registrant Postal Code: 90100
Registrant Country: TH
Registrant Phone: +66.0873996245
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:

his email is youngcyber @ gmail.com

Edited by NCC1701A
Posted

Well look, he just chose the number one most common password of 2015 smile.png

And foreignersa are not eligible for IT jobs? <deleted> this is gross incompetence of the highest order.

Posted (edited)

What are the gold colored markers with the trident/crown figures on the map?

TV forum's top commentors.

Edited by mesterm
Posted (edited)

the website has been taken down now but how many wayback machines are still holding the info. also the info was posted to a google spy ware map. they arent going to deleted that any time soon.

my interest, i am currently in the south in an area that has been target by terrorist bombs not too long ago.

the good news i wasnt on the map or data base, more a map of long termers than casual drifters like me. possibly only workers as i didnt see any with retired as occupation as by a casual perusal. many Philippians among them.

ps was all written in thai, which i can read.

Edited by shagorillaHotel
Posted

And not to mention all the data leaked on this website too: <link to personal data removed removed>

It has all names, passports, full current address, nationality and every single travel history.

All made puiblicly available within a simple google search.

amazing!

Posted

It was mentioned before that any Thaivisa users who innocently clicked on that site to look at it as it was posted about multiple times last night may be subject to legal issues. Is that really a concern?

I mentioned that as a concern. Probably not a big concern but they may be digging through the IP records of who accessed it to find the original source of the hack. Forgot to turn my VPN on before looking and before knowing what was going on. biggrin.png

Does your VPN hide the websites you visit from your internet provider ? Most don't. They hide the content you view by encrypting it, but not the URL of the sites visited. Which is why TOR has gained in popularity - does that hide websites visited, anyone know ? (no geek here!)

Posted

"some internet users also correctly guessed the password to enter the website’s management system: 123456. "

Sources note the password has since been changed to the much harder to crack "654321" combo.

Posted

Everything you do in Thailand requires copy of passport, home address etc, so whats the panic about???

If someone has no value in life, and no assets, and doesn't care about privacy, then there is nothing to worry about.

However, if one is concerned about identity theft, loss of assets, harassment, kidnapping, extortion, break ins, security etc., then one should be very concerned.

In the developed world when a company or government suffers this type of security breach, the data site pays for identity theft monitoring services and covers the losses people incur because of the breach. Thailand just made a fool of itself. It's disgraceful.

Posted

It was mentioned before that any Thaivisa users who innocently clicked on that site to look at it as it was posted about multiple times last night may be subject to legal issues. Is that really a concern?

I mentioned that as a concern. Probably not a big concern but they may be digging through the IP records of who accessed it to find the original source of the hack. Forgot to turn my VPN on before looking and before knowing what was going on. biggrin.png

Does your VPN hide the websites you visit from your internet provider ? Most don't. They hide the content you view by encrypting it, but not the URL of the sites visited. Which is why TOR has gained in popularity - does that hide websites visited, anyone know ? (no geek here!)

with my VPN the ISP they see the output of the VPN server. There is not a log made of the input to the server to match the output.

INFO USES

  • E-mail address is used to send subscription information, payment confirmations, customer correspondence, and Private Internet Access promotional offers only.
  • Payment data is used to manage client signups, payments, and cancellations.
  • Google analytics data is used to improve our website.
  • Apache webserver logs are regularly pruned and are created by the webserver. No usernames or passwords are ever logged by the webserver.
  • Contact submissions and e-mails will be used for correspondence.
  • Temporary cookies are used to handle control panel logins.

PrivateInternetAccess.com does not collect or log any traffic or use of its Virtual Private Network ("VPN") or Proxy.

https://www.privateinternetaccess.com/pages/how-it-works/

Posted (edited)

I advise people not to click on the link posted just now unless using a VPN.

The availability of something like that in public domain is disturbing.

Edited by lkv
Posted (edited)

And not to mention all the data leaked on this website too: http://203.157.41.192/pagth/t8_index.php?psend=t8_list_ebola18&send=search&dsearch=2015-03-28

It has all names, passports, full current address, nationality and every single travel history.

All made puiblicly available within a simple google search.

amazing!

Look at all the errors and inconsistencies there are in this data... what a mess and no wonder nothing gets done effectively! Check out the Name/Surname: Trousers on the CRISTINA MERCEDES

Add to the list the hub of information standards... SMH

Edited by MeHere
Posted (edited)

Don't know what the fuss is about, according to Maj. Gen. Thanusilpa, the immigration police commander, no 'important information' was stored on the site.

  • name
  • nationality
  • passport number
  • full address
  • work details

“There’s nothing on there,” Thanusilpa said...

He didn't see the same map I did. All but work details was there.

I saw this map here on TV last night, before the topic was taken down on the basis that it was somehow "illegal " for the subject to be debated on the forum.

This is/was a very serious beach committed in the name of the Immigration Authority which compromised both personal privacy and, potentially the safety of many expats.

This morning I informed my Embassy of this breach and provided the link to the site and screen shots of my data, I have also lodged a complaint using the 111 facility.

Edited by johnatong

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...