US, WASHINGTON (ORDO NEWS) — AIS, Thailand’s largest mobile operator, has leaked a database of more than 8 billion Internet records. The number of victims whose information about online activity is in the public domain is estimated at several million people.
This was reported on the blog by cyber defense specialist Justin Payne.
According to Payne, the database he found contained DNS queries and Netflow data for traffic accounting, and was not password protected. Anyone who gained access to this information could find out what the user is doing on the Internet in real time.
The expert notified AIS of the leak on May 13th. Having received no response, Payne made a request to the National Emergency Response Team in Thailand (ThaiCERT), which itself contacted the operator’s representatives on May 21. The next day, access to the database was closed.
The AIS press service confirmed the leak, TechCrunch writes . They said that “a small amount of non-personal, non-critical information was disclosed for a limited period of time in May during a planned test.” The data that appeared in the public domain, the company emphasized, “did not contain personal information that could be used to identify the client.”
However, the publication notes, this is not so. And although DNS queries (used to obtain the IP address of a site when entering a domain in the browser address bar) do not contain personal messages or passwords, they can be used to find out which applications the subscriber uses and which sites he visits.
For example, Payne showed that the leaked AIS database made it possible to determine which antivirus is installed on the user, which smartphones, televisions and computers he or his family owns, which applications and operating systems they use, and how often they visit Facebook, Google, YouTube, TikTok and other services.
Contact us: firstname.lastname@example.org