Thailand’s largest telecommunications company’s Advanced Info Service (AIS) urgently brought down one of its databases following a leak of more than 8 billion real-time internet records on millions of Thai internet users.
The data breach was discovered by security researcher Justine Paine, who found an exposed ElasticSearch database online containing DNS queries and Netflow data which appeared to be controlled by a subsidiary of a Thailand-based mobile network operator AIS (Advanced Info Service).
Paine said, “Over the course of the roughly 3 weeks the database has been exposed the volume of data has been growing significantly. The database was adding approximately 200M new rows of data every 24 hours. To be precise, as of May 21st, 2020: 8,336,189,132 documents were stored in the database”.
While the DNS query logs do not carry private or sensitive data like passwords or messages, anyone with access to the database can identify the user’s websites or apps they used. Paine said it can “paint a picture of what a person does on the Internet” which exposes serious security risk for individuals with high-risk professions like journalists, politicians and police.
Paine attempted to contact AIS about the issue, but to no avail. He then reported the incident to Thailand’s national computer emergency response team (ThaiCERT), which in turn contacted AIS. By May 22, the database was pulled offline.
Here’s a helpful guide on “How to protect yourself from your ISP snooping on the websites you visit”.