Thailand is a country loved by tourists. It has beautiful scenery, a wide variety of food and many shopping malls; its visa policies are convenient for travel, and the currency exchange rate is low. Before the epidemic hit the global tourism industry, the United States topped the list of countries with the highest tourism revenue in 2019, and Thailand ranked fourth.
However, according to a September 21 report by the foreign security news site Security Affairs, the personal information of any foreigner who has traveled to Thailand in the past ten years may have been leaked! The personal details of more than 106 million tourists to Thailand have been lying exposed online for an unknown length of time…
Here is what happened.
On August 22, 2021, Bob Diachenko, currently a cybersecurity researcher at Comparitech, was surprised to find his own personal information in an unprotected Elasticsearch database… The database contained his name and details of his entry into Thailand, along with the personal details of more than 106 million tourists to Thailand.
Diachenko immediately notified the Thai authorities.
So a cybersecurity expert discovered with his own eyes that his own personal information had been leaked. What a strange world.
This 200GB database contains visitor records dating back ten years, with a total of more than 106 million entries, including:
Date of arrival in Thailand
Thailand immigration card number, etc.
Diachenko speculated that the personal information of any foreigner who has traveled to Thailand in the past ten years may have been exposed.
There is some good news in this case: the database does not contain any financial data. The IP address of the database is still public, but the database itself is offline and has been replaced by a honeypot. The leaked information is as follows:
(Image source: Security Affairs)
After receiving the notification on August 22, the Thai authorities quickly took measures.
But the question is, how long was this database exposed before it was discovered? It is not yet certain.
However, the Thai authorities insist that the data has not been accessed by any unauthorized party.
// Timeline of database exposure //
August 20, 2021—The database was indexed by the search engine Censys.
August 22, 2021—Diachenko discovered the unprotected data and immediately took steps to verify it and notify the owner in accordance with the disclosure policy.
August 23, 2021—The Thai authorities acknowledged the incident and quickly secured the database.
// Some data breaches in the global tourism industry in recent years //
In November 2018, Marriott International, the world’s largest hotel group, said that a room reservation database of its Starwood hotels had been hacked. Information on up to about 500 million guests who had made bookings on or before September 10, 2018 may have been leaked.
In September 2019, Malindo Air, a low-cost airline joint venture between Malaysia and Indonesia, confirmed that a large amount of passenger information had been leaked, and that the number of affected passengers could reach millions.
In November 2019, Gekko Group, the online hotel distribution service provider under the AccorHotels Group, suffered a major data breach affecting the customer base of 600,000 hotels worldwide; the leaked database exceeded 1TB in size.
In February 2020, the personal information of more than 10.6 million travelers who stayed at MGM Resorts was posted to hacker forums.
In 2020, according to foreign media reports, cruise operators disclosed that a data breach had occurred at the travel company Carnival Corporation, affecting more than 11.5 million tourists. Hackers were reportedly able to access the electronic accounts of the travel company's employees without authorization and obtain private data such as tourists' names, addresses, social security numbers, passports, driving licenses and health information, as well as financial data such as credit cards and financial accounts.
In April 2020, Marriott International once again disclosed an information leak. According to foreign media reports, data on 5.2 million Marriott guests was leaked. The leaked information included names, mailing addresses, member accounts, contact information, loyalty account information, personal information, and check-in preferences.