The popular cybersecurity research Bob Diachenko discovered his personal data online stored on an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.
The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities, he noticed that some of the data stored in the archive date back ten years.
While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot.
The database was 200GB in size and contained several assets, including more than 106 million records.
Exposed records include full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers.
“Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident. He even confirmed the database contained his own name and entries to Thailand.” reads the post published by Comparitech.
The good news is that no financial data was contained in the database.
It is not possible to determine how low the archive had been exposed before it was discovered, but Thai authorities told Comparitech that the data was not accessed by any unauthorized parties.
Below the timeline for the discovery of database:
(SecurityAffairs – hacking, Thailand)