An unsecured database containing international travel records dating back 10 years has been discovered online.
Discovered on August 22 by Bob Diachenko, leader of cybersecurity research at Comparitech, the 200GB database contained the personal information of more than 106 million international travellers.
Exposed information included full names, gender, residency status, arrival dates, passport numbers, visa information, and Thai arrival card numbers.
“Diachenko surmises that any foreigner who traveled to Thailand in the last decade might have had their information exposed in the incident. He even confirmed the database contained his own name and entries to Thailand,” said Comparitech tech writer Paul Bischoff in a report.
Researchers were unable to determine how long the data had been exposed for before it was indexed by the search engine Censys on August 20, 2021.
Upon discovering the unprotected data and taking steps to verify and alert the owner, the authorities were quickly notified of the incident, and the data swiftly secured.
The IP address of the database is still public, but the database itself has been replaced with a honeypot as of the time of writing.
”Any foreigner who travelled to Thailand in the last decade or so probably has a record in the database. There are many people who would prefer their travel history and residency status not be publicized, so for them there are obvious privacy issues,” the report read.
PrivSec Global is now live!
PrivSec Global will take over two days and bring together leading experts from around the global to address the fragmented privacy and cyber challenges worldwide.