Jump to content
IGNORED

Database containing personal info of 106 million international visitors to Thailand was exposed online


FarangKiNok
 Share

Recommended Posts

https://www.comparitech.com/blog/information-security/thai-traveler-data-leak/

The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more.

Bob Diachenko, who leads Comparitech’s cybersecurity research, discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.

Hamsum, skinny, look same young mans! Go ATM before go loom.

Link to comment
Share on other sites

4 hours ago, FarangKiNok said:

 

The personal details of more than 106 million international travelers to Thailand were exposed on the web without a password, Comparitech researchers report. The database included full names, passport numbers, arrival dates, and more.

 

Can I ask a more general question.

Data breaches such as this seem to happen quite often.  My own Linked-in username and password was part of a well known data breach a few years ago.  A list showing my username, password and email address was published on an internet site along with millions of others.  Crazy !

My question is:  will data breaches ever stop ?  And if not, what should we as individuals do about it ?

1. Stop using on-line systems ?  Difficult.

2. Accept that your details may be data-breached ?  And do what ? 

3. Other options ?

The computer industry needs to provide an answer.   

Programmers,  designers are fallible.   Its crap !

 

Edited by rog555
Link to comment
Share on other sites

Just now, rog555 said:

Can I ask a more general question.

Data breaches such as this seem to happen quite often.  My own linked in username and password was part of a well known data breach a few years ago.

My question is:  will data breaches ever stop ?  And if not, what should we as individuals do about it ?

1. Stop using on-line systems ?

2. Accept that your details may be data-breached ?  And do what ?

3. Other options ?

 

Use a password manager with a very secure and different password stored for each site you use. Pay for a credit monitoring/identify theft protection service if you're really worried. You can check https://haveibeenpwned.com/ to see if your email address or phone number has been compromised. Other than that, just accept that it's gonna happen. 

Link to comment
Share on other sites

10 minutes ago, Ohyesuare said:

Use a password manager with a very secure and different password stored for each site you use. Pay for a credit monitoring/identify theft protection service if you're really worried. You can check https://haveibeenpwned.com/ to see if your email address or phone number has been compromised. Other than that, just accept that it's gonna happen. 

OK, I agree that a different username/password per site is sensible.   And really you should not use a 'formula' for your selection.  I.e  not your dogs name+ web site name.

I did find out about the Linked-in breach via that site you recommend - have i been pawned. Useful, yes.  If retroactive.

So 'accept its going to happen'. In detail what does that mean ?  I think you are correct over the long term.  But does that mean my bank login will become compromised at some point?  Thats a major worry.  Do banks accept this, and plan for it ?

Data breaches need clarification in terms of what the service provider will do in compensation.

I don't use a password manager for fear that it a scam to grab your passwords.  Free password managers ?  Paid for ones - developed by governments or crims?   Write your own ?  I need to look into this more, but am suspicious.

Edited by rog555
Link to comment
Share on other sites

Against data breache, some website ask to change password frequently (every month)

The problem is to remember what is the current password !

As if you store it in a digital safe

We had the same problem with Pirates trying to enter the intranet of our firma

Changing all logs and password for all workers isnt that easy, some dont remember it !!

Link to comment
Share on other sites

16 minutes ago, seaman said:

Against data breache, some website ask to change password frequently (every month)

The problem is to remember what is the current password !

As if you store it in a digital safe

We had the same problem with Pirates trying to enter the intranet of our firma

Changing all logs and password for all workers isnt that easy, some dont remember it !!

Yes, the directive 'change your passwords regularly' at first seems good advice.  But what's special about a month ?

But really it should be 'change your password the instant it has been breached'.   Not easy to determine ofcourse, so 1 month is used for no good reason.

As you say remembering passwords for each system/web site is difficult.

It could be there is no good solution.    I'm not optimistic about data breaches in the long term.

IT system admin guys do what they like with data.  Some will go rogue.  E.g. wikileaks.

Edited by rog555
Link to comment
Share on other sites

Not easy ...

As you saw perhaps the "VACCIN PASS" of our President Macron was online :)

 

Bank security is for me atm a confirmation with smarphone

Open the appli of the bank, enter a code and confirm ...

Than you can access the website and make all you want

 

I see finger digit on a special mouse for laptop or behind phones, face recognition ...

 

Visa with no contact payement up to 50€, easy but no secure

Hum ... all this can be pirated

 

And paying per phone, I really dont trust ...

Link to comment
Share on other sites

Just now, Arnie85 said:

Changing passwords monthly is absolutely stupid. 

And myself I dont do it :)

But its a recommandation on some administration websites ...

On some you must do it after a certain time, no possibility to access else

And cannot use an older password, so they must have a good password databank to compare !!  :)

 

Link to comment
Share on other sites

This is why, especially the big companies like MS and Google, are try to move away from passwords. Biometrics, multi step verification, etc.

Link to comment
Share on other sites

Digital ID linked to your green pass / vax passport and digital crytpo wallet and your social credit score.

Link to comment
Share on other sites

12 minutes ago, eXplosief said:

This is why, especially the big companies like MS and Google, are try to move away from passwords. Biometrics, multi step verification, etc.

OK.  Good.

Is the 'two step' method good ?

I'm referring to step 1, enter regular username password.  Step 2: they send an SMS message to your registered phone number with one time code you enter.

It does sound better. Without extensive evidence I feel SMS messages only ever go to your phone via some kind of private, secured network.   I could be wrong  there were journalists hacking royal's phones.

But sounds like progess.

My worry with biometrics such as Apples touch id, is that crims are encouraged to saw off your finger.  Maybe OTT worry.

In the past I used to keep a paper based password list.   2 bits of paper in different 'secret' locations.  Maybe I'll return to that. 

Let thai girls visiting find one of them, rather than internet hackers find computer based ones. 555

Edited by rog555
Link to comment
Share on other sites

Its ok. The breach must have happened over two years ago.

106m people? Half of them will be dead or up in Isaan now.

Edited by Pooliekev

It ain't what you do it's the way that you do it.

Link to comment
Share on other sites

7 minutes ago, Pooliekev said:

Its ok. The breach must have happened over two years ago.

106m people? Half of them will be dead or up in Isaan now.

I see your point.  

A passport number is not a private thing.  You make it known to every hotel you book into, every airline you fly with.   Its only of use with a real-looking passport.

Full names, most people probably happily put their real full names on FB.  Often you tell people your name.

But, people who ask for your details should be obliged to not let it get breached.

 

Edited by rog555
Link to comment
Share on other sites

My advice to protect yourself:

Change your passwords frequently.

Setup two-factor authentication, if available.

If you're an American, freeze your credit with all three credit bureaus. So if someone does get access to your details, they can't open new accounts under your name.

Signup for a identify theft monitoring service.  I think some anti-virus services provide it for free or a nominal cost.

Unfortunately, that's really the best you can do right now to help prevent identity theft.

If you want a better experience with your "date"... read, learn, live the following:

 

https://forum.pattaya-addicts.com/topic/22263-vetting-bar-girls-and-how-to-pass-their-own-vett

Link to comment
Share on other sites

@rog555 : use two factor authentication, especially for your email!
but don't use sms as the 2nd factor. use a yubikey or a smartphone based key. both are ok.

i don't see a reason to change passwords frequently as long as they're all safe and unique. the "change frequently" advice is outdated in the opinion of most experts. 

TFMI.WTF : The new home of the Thaifriendly Master Index – your invaluable guide if you use Thaifriendly in Pattaya.
Thoughts from a tourist actually on the ground - Dec 2020 to April 2021

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share



  • COVID-19

    Any posts or topics which the moderation team deems to be rumours/speculatiom, conspiracy theory, scaremongering, deliberately misleading or has been posted to deliberately distort information will be removed - as will BMs repeatedly doing so. Existing rules also apply.

  • Advertise on Pattaya Addicts
  • Recently Browsing

    No registered users viewing this page.

  • Our picks

    • Hi Guys

      As many of you know we have been running now for 16 years and apart from one brief time when we were allowed PayPal, so could use the inbuilt donation function, we have tried to avoid asking for donations. We have certainly avoided being in anyones face about it.

      Sadly that has now changed.

      The forum currently costs around $900 a month to operate. That includes Bangkok and Philippines but PA makes up the vast majority of it. This fee covers forum hosting, image hosting, notification emails and support.

      Before anyone says "its expensive" please be aware we have tried for years to find better for cheaper - it just doesn't exist for the size we are. Also a lot of hosts wont Touch us anyway. Our current host is actually cheaper than the previous one but that brings its own problems.

      Moving on -

      I would like to stress there is NO obligation whatsoever. Also, whatever happens the forum is going no-where!

      Donators can CHOOSE to have their donation listed (probably in this thread or we can make a new one) or to remain anonymous. Likewise they can CHOOSE whether the amount is published or not.

      There is no minimum, or maximum for that matter. ANY donation will be very gratefully received. We are very aware that many members are also having it tough these days.

      We are still unable to promote/post PayPal addresses etc on the forum so would ask that anyone who would like to make a donation to PM me, or ask me here to PM you and we will sort out details via that PM.
      • 90 replies
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.