South China Morning Post
Advertisement
Advertisement
Thailand
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Before the pandemic, Thailand drew tens of millions of visitors a year. Photo: Shutterstock
AsiaSoutheast Asia

Details of some 100 million visitors to Thailand exposed online: research firm

  • British firm Comparitech said any foreigner who has travelled to Thailand in the last decade ‘might have had their information exposed’
  • Thai authorities ‘maintain the data was not accessed by any unauthorised parties’, it said in a report
Thailand
Agence France-Presse
Agence France-Presse
Why you can trust SCMP
More than 106 million travellers to Thailand had their personal details exposed online in August, a cybersecurity research firm that discovered the data said on Monday, but the leak was quickly plugged by authorities.
The Southeast Asian nation is a popular tourist destination, drawing nearly 40 million visitors in 2019 before the Covid-19 pandemic shut borders and seized up global travel.

Britain-based consumer security firm Comparitech said in a report that its head of cybersecurity research, Bob Diachenko, found a database in August containing the personal information of travellers to the kingdom.

Tourists at a beach resort in Phuket. File photo: AFP

He said “any foreigner who travelled to Thailand in the last decade might have had their information exposed in the incident”, including their name, passport number and residency status.

Comparitech said Diachenko also found his own name and details about his entries into Thailand on the database, which contained information dating back to 2011.

Thai authorities were informed on August 22 and secured the data the following day.

“However we do not know how long the data was exposed prior to being indexed,” said the report.

Did tourists’ bad behaviour in Bali prompt minister’s idea to ban backpackers?

Thai authorities “maintain the data was not accessed by any unauthorised parties”, it added.

Thailand’s Cyber Crime Investigation Bureau said it was unaware of the incident but was looking into it.

While Thais are largely internet-savvy, their government is no stranger to data leaks and information breaches.

In June, a government website for foreigners to sign up for a coronavirus vaccine was found to be revealing the names and passport numbers of prospective recipients. The site was taken down soon after.

01:03

Once-bustling Bangkok market deserted as Thailand struggles with its worst wave of Covid-19

Once-bustling Bangkok market deserted as Thailand struggles with its worst wave of Covid-19
Meanwhile in neighbouring Indonesia, authorities said they had found no evidence that the country’s main intelligence service’s computers were compromised, after a US-based private cybersecurity company alerted them of a suspected breach of its internal networks by a Chinese hacking group.

The Insikt Group, the threat research division of Massachusetts-based Recorded Future, said it discovered the hack in April when it detected malware servers operated by the “Mustang Panda” group communicating with hosts inside Indonesian government networks.

The activity targeted the intelligence agency Badan Intelijen Negara (BIN), as well as nine other Indonesian government organisations, Recorded Future said.

“We assess that this activity is very likely linked to the Chinese state-sponsored threat activity group Mustang Panda based on our continued tracking of Chinese state-sponsored cyberespionage activity,” the company said in an email to AP.

Malaysia, Indonesia warn Australia’s Indo-Pacific pact could trigger arms race

Chinese government offices were closed on Monday for the Mid-Autumn Festival and could not be reached, but authorities have consistently denied any form of state-sponsored hacking and said China itself is a major target of cyberattacks.

Recorded Future said its experts traced the hack back to as early as March, and the last observed date of the intrusion was August 20. “We have not seen additional activity targeting BIN since that date,” it said.

After being notified by Recorded Future, BIN investigated the suspected breach together with other agencies and related stakeholders, but found “our server is safe and under control, there is no indication that it was hacked by suspected Chinese hackers”, said Wawan Hari Purwanto, a deputy chief and spokesman for the agency.

BIN coordinates information sharing and operations for Indonesia’s other intelligence agencies, as well as conducting its own operations.

4