Personal details of 106mn visitors to Thailand exposed online for 10 years

THAILAND: Research by a leading cyber security firm has revealed that a database containing the personal information of 106 million international visitors to Thailand was left exposed online for a period of 10 years.

By The Phuket News

Tuesday 21 September 2021, 02:26PM

A screenshot of some of the exposed data. Image: Comparitech

The unsecured database containing international travel records was left exposed on the web without a password, researchers from Comparitech confirmed. Dates on the records ranged from 2011 to the present day.

Personal information of travellers included date of arrival in Thailand, full name, sex, passport number, residency status, visa type and Thai arrival card number.

Bob Diachenko, who leads Comparitech’s cybersecurity research, discovered the database on Aug 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.

Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident. He even confirmed the database contained his own name and entries to Thailand.

The database was indexed by the search engine Censys on Aug 20, and Diachenko discovered the unprotected data two days later. He immediately took steps to verify and alert the owner in accordance with the company’s responsible disclosure policy. Thai authorities acknowledged the incident on Aug 23 and secured the data.

Notably, the IP address of the database is still public but, at time of press, the database itself has been replaced with a honeypot. Anyone who attempts access at that address now receives the message, “This is honeypot, all access were logged.” [sic]

Thai authorities responded quickly to Diachenko’s disclosure and maintain the data was not accessed by any unauthorised parties. However, it is unknown how long the data was exposed before being indexed. ‘Honeypot experiments’ conducted by Comparitech show attackers can find and access unsecured databases in a matter of hours.

“Any foreigner who traveled to Thailand in the last decade or so probably has a record in the database,” said Comparitech’s tech writer Paul Bischoff. “There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues.”

None of the information exposed poses a direct financial threat to the majority of data subjects as no financial or contact information was included, said Bischoff.

“Although passport numbers are unique to individuals, they are assigned sequentially and are not particularly sensitive. For example, a passport number can’t be used to open bank accounts or travel in another person’s name on its own,” he said.

Kurt | 23 September 2021 - 13:14:40

Is it not idiotic that when a foreigner, living here, on his return home on Phuket, gets his arrival noted down at Phuket airport Immigration computer, passport stamped at Phuket airport, after that still has to report to Phuket Town Immigration? Completely idiotic. Just 19th century bureaucratic 10 years old nonsense thinking.

Kurt | 23 September 2021 - 13:05:11

Guess it is time the Thai Immigration outsource their cyber database designing and security to Comparitech. By now enough proof that Immigration has not the skills to do it herself, and actually breaches international privacy laws. No foreigner has trust in Immigration cyber works. There is not even a link between Phuket airport Immigration and Phuket Town Immigration.

Kurt | 22 September 2021 - 10:13:35

I miss to read that this concerns Thai Immigration. Infamous for not 'smart' operating her cyber sites. Even a simple 90 day report site is not functional, cannot be trusted. That this database was an open window for 10 years and never checked, but could be secured in less than 1 day only is a bloody shame. Immigration lives completely in a lax and alternative reality.

lelecuneo | 21 September 2021 - 14:56:05

great news, security is always First in this

