Over 8 billion real-time internet records of Thai users exposed in massive data leak: Report
by Hemani Sheth
Over 8 billion real-time Internet records of users of Thailand’s largest cell network, AIS, were leaked online through a database which has now been secured, according to a report by TechCrunch.
The leak was first spotted by security researcher Justin Paine, who alerted the cell network company on May 13. After a week of receiving no response from the company, Paine then contacted Thailand’s data watchdog, the Thailand National CERT team (ThaiCERT), which questioned AIS about it.
The company later took the database offline, thus securing the records.
“AIS is Thailand's largest GSM mobile phone operator with 39.87 million customers as of 2016,” Paine wrote in a blog post detailing the incident.
“The database was likely controlled by AIS subsidiary, Advanced Wireless Network (AWN). It contained a combination of DNS query logs and NetFlow logs for what appears to be AWN customers. Using this data it is quite simple to paint a picture of what a person does on the Internet. I made multiple attempts to contact AIS to get the database secured without success,” he further wrote.
The exposed data consisted of real-time internet records that can be used to track users' overall internet activity through their DNS query logs.
Every time a user visits a website, the browser converts its web address into an IP address through a DNS query. This tells the browser where the page lives on the internet. The records can thus help identify which websites the user accesses and the apps they use.
Such data can also pose a major risk to high-risk individuals, including activists and journalists, especially in a country that is bullish on censorship, according to the TechCrunch report.
According to Paine, the data was likely exposed on May 1, based on data available in BinaryEdge. He discovered the database on May 7. The database was taken down on May 22.
“Over the course of roughly 3 weeks, the database was exposed and the volume of data was growing significantly. The database was adding approximately 200 million new rows of data every 24 hours,” Paine wrote.
He also provided steps that users can take to protect their data from such leaks and to limit the tracking of their internet activities.
“There's no hiding from NetFlow or sFlow data collection from your ISP. If you're on their network, they can (and will) track where connections are originating and the destination for that traffic. Regarding the DNS query logs though – that is easy to solve. Use DoH or DoT to secure your DNS communications in transit so that your ISP can't see, log, spy on, and sometimes sell your DNS query traffic,” he wrote.