Jump to content
IGNORED

Database containing personal info of 106 million international visitors to Thailand was exposed online


FarangKiNok

Recommended Posts

https://www.comparitech.com/blog/information-security/thai-traveler-data-leak/

The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more.

Bob Diachenko, who leads Comparitech’s cybersecurity research, discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.

Link to comment
Share on other sites

4 hours ago, FarangKiNok said:

 

The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more.

 

Can I ask a more general question.

Data breaches such as this seem to happen quite often.  My own Linked-in username and password was part of a well known data breach a few years ago.  A list showing my username, password and email address was published on an internet site along with millions of others.  Crazy !

My question is:  will data breaches ever stop ?  And if not, what should we as individuals do about it ?

1. Stop using on-line systems ?  Difficult.

2. Accept that your details may be data-breached ?  And do what ? 

3. Other options ?

The computer industry needs to provide an answer.   

Programmers,  designers are fallible.   Its crap !

 

Edited by rog555
Link to comment
Share on other sites

Just now, rog555 said:

Can I ask a more general question.

Data breaches such as this seem to happen quite often.  My own linked in username and password was part of a well known data breach a few years ago.

My question is:  will data breaches ever stop ?  And if not, what should we as individuals do about it ?

1. Stop using on-line systems ?

2. Accept that your details may be data-breached ?  And do what ?

3. Other options ?

 

Use a password manager with a very secure and different password stored for each site you use. Pay for a credit monitoring/identify theft protection service if you're really worried. You can check https://haveibeenpwned.com/ to see if your email address or phone number has been compromised. Other than that, just accept that it's gonna happen. 

Link to comment
Share on other sites

10 minutes ago, Ohyesuare said:

Use a password manager with a very secure and different password stored for each site you use. Pay for a credit monitoring/identify theft protection service if you're really worried. You can check https://haveibeenpwned.com/ to see if your email address or phone number has been compromised. Other than that, just accept that it's gonna happen. 

OK, I agree that a different username/password per site is sensible.   And really you should not use a 'formula' for your selection.  I.e  not your dogs name+ web site name.

I did find out about the Linked-in breach via that site you recommend - have i been pawned. Useful, yes.  If retroactive.

So 'accept its going to happen'. In detail what does that mean ?  I think you are correct over the long term.  But does that mean my bank login will become compromised at some point?  Thats a major worry.  Do banks accept this, and plan for it ?

Data breaches need clarification in terms of what the service provider will do in compensation.

I don't use a password manager for fear that it a scam to grab your passwords.  Free password managers ?  Paid for ones - developed by governments or crims?   Write your own ?  I need to look into this more, but am suspicious.

Edited by rog555
Link to comment
Share on other sites

Against data breache, some website ask to change password frequently (every month)

The problem is to remember what is the current password !

As if you store it in a digital safe

We had the same problem with Pirates trying to enter the intranet of our firma

Changing all logs and password for all workers isnt that easy, some dont remember it !!

Link to comment
Share on other sites

16 minutes ago, seaman said:

Against data breache, some website ask to change password frequently (every month)

The problem is to remember what is the current password !

As if you store it in a digital safe

We had the same problem with Pirates trying to enter the intranet of our firma

Changing all logs and password for all workers isnt that easy, some dont remember it !!

Yes, the directive 'change your passwords regularly' at first seems good advice.  But what's special about a month ?

But really it should be 'change your password the instant it has been breached'.   Not easy to determine ofcourse, so 1 month is used for no good reason.

As you say remembering passwords for each system/web site is difficult.

It could be there is no good solution.    I'm not optimistic about data breaches in the long term.

IT system admin guys do what they like with data.  Some will go rogue.  E.g. wikileaks.

Edited by rog555
Link to comment
Share on other sites

Not easy ...

As you saw perhaps the "VACCIN PASS" of our President Macron was online :)

 

Bank security is for me atm a confirmation with smarphone

Open the appli of the bank, enter a code and confirm ...

Than you can access the website and make all you want

 

I see finger digit on a special mouse for laptop or behind phones, face recognition ...

 

Visa with no contact payement up to 50€, easy but no secure

Hum ... all this can be pirated

 

And paying per phone, I really dont trust ...

Link to comment
Share on other sites

Just now, Arnie85 said:

Changing passwords monthly is absolutely stupid. 

And myself I dont do it :)

But its a recommandation on some administration websites ...

On some you must do it after a certain time, no possibility to access else

And cannot use an older password, so they must have a good password databank to compare !!  :)

 

Link to comment
Share on other sites

This is why, especially the big companies like MS and Google, are try to move away from passwords. Biometrics, multi step verification, etc.

Link to comment
Share on other sites

Digital ID linked to your green pass / vax passport and digital crytpo wallet and your social credit score.

Link to comment
Share on other sites

12 minutes ago, eXplosief said:

This is why, especially the big companies like MS and Google, are try to move away from passwords. Biometrics, multi step verification, etc.

OK.  Good.

Is the 'two step' method good ?

I'm referring to step 1, enter regular username password.  Step 2: they send an SMS message to your registered phone number with one time code you enter.

It does sound better. Without extensive evidence I feel SMS messages only ever go to your phone via some kind of private, secured network.   I could be wrong  there were journalists hacking royal's phones.

But sounds like progess.

My worry with biometrics such as Apples touch id, is that crims are encouraged to saw off your finger.  Maybe OTT worry.

In the past I used to keep a paper based password list.   2 bits of paper in different 'secret' locations.  Maybe I'll return to that. 

Let thai girls visiting find one of them, rather than internet hackers find computer based ones. 555

Edited by rog555
Link to comment
Share on other sites

Its ok. The breach must have happened over two years ago.

106m people? Half of them will be dead or up in Isaan now.

Edited by Pooliekev

It ain't what you do it's the way that you do it.

Link to comment
Share on other sites

7 minutes ago, Pooliekev said:

Its ok. The breach must have happened over two years ago.

106m people? Half of them will be dead or up in Isaan now.

I see your point.  

A passport number is not a private thing.  You make it known to every hotel you book into, every airline you fly with.   Its only of use with a real-looking passport.

Full names, most people probably happily put their real full names on FB.  Often you tell people your name.

But, people who ask for your details should be obliged to not let it get breached.

 

Edited by rog555
Link to comment
Share on other sites

My advice to protect yourself:

Change your passwords frequently.

Setup two-factor authentication, if available.

If you're an American, freeze your credit with all three credit bureaus. So if someone does get access to your details, they can't open new accounts under your name.

Signup for a identify theft monitoring service.  I think some anti-virus services provide it for free or a nominal cost.

Unfortunately, that's really the best you can do right now to help prevent identity theft.

If you want a better experience with your "date"... read, learn, live the following:

 

https://forum.pattaya-addicts.com/topic/22263-vetting-bar-girls-and-how-to-pass-their-own-vett

Link to comment
Share on other sites

@rog555 : use two factor authentication, especially for your email!
but don't use sms as the 2nd factor. use a yubikey or a smartphone based key. both are ok.

i don't see a reason to change passwords frequently as long as they're all safe and unique. the "change frequently" advice is outdated in the opinion of most experts. 

TFMI.WTF : The home of the Thaifriendly Master Index – your invaluable guide if you use Thaifriendly in Pattaya.

Link to comment
Share on other sites

  • 11 months later...

Has there been any indication of identity theft so far from this data? One of the biggest breaches I have ever heard of.

Link to comment
Share on other sites

For USA people:

https://www.annualcreditreport.com/index.action

You can monitor your own credit. Often credit cards you have offer some free credit reports monthly also.

I have not had good results trying lock my own credit, they make that hard. I don't remember if it was a wrong guess at some obscure question they asked on online but they required me to send in written requests to all three which I can't be arsed to do.

The password managers available online I don't trust. There is no guarantee they won't be hacked and release all your bank passwords and everything. Also they want a monthly fee and I don't want them holding my passwords hostage if I don't want to keep paying them.

The credit monitoring advertising likes to trick you with $1million dollars as if you win the lottery if you get hacked. In reality all they do is tell you to call the number that is already on the back of your credit cards or your banks and report a fraud and they refund your money, there is nothing helpful they actually offer for your monthly payment except maybe a lawyer if you somehow got into a very unusual ID theft situation that you can't handle with a simple phone call or two.

I have gotten a letter every few years my info was hacked from some unavoidable database and haven't had any consequences from that. Credit card fraud yes, nearly every year, not database hacks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • COVID-19

    Any posts or topics which the moderation team deems to be rumours/speculatiom, conspiracy theory, scaremongering, deliberately misleading or has been posted to deliberately distort information will be removed - as will BMs repeatedly doing so. Existing rules also apply.

  • Advertise on Pattaya Addicts
  • Recently Browsing

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.