the company AIS – Thailand’s largest mobile operator – has flowed base of more than 8 billion Internet records. The number of victims whose information about the online activity was in open access, is estimated at several million people. This was reported in blog, the specialist in cyber defence Justin Payne.
According to Payne, he found it contained DNS lookups and Netflow data for traffic accounting and it was not password protected. Anyone who gains access to this information, could know, what does the Internet user in real-time.
the Expert AIS were notified about the leak on may 13. Getting no response, Payne filed a request to the National group for emergency response in the field of computer technology of Thailand (ThaiCERT), which on may 21, she was contacted by representatives of the operator. The following day, access to the database was closed.
the press service of the AIS leak confirmed, says TechCrunch. They reported that “a small number of non-personal, non-critical information was revealed during a limited period of time in may during a scheduled test”. Caught up in sharing the data, said the company “did not contain personal information that could be used to establish the identity of the client.”
However, the newspaper notes, it is not. Although DNS queries (used to obtain the IP address of the website when typing the domain into the address bar of the browser) do not contain personal messages or passwords, they can be used to find which applications used by the subscriber and which sites are visited.
for Example, Paine showed that the leaked database AIS allowed to determine which antivirus is installed the user what smartphones, TVs and computers he owns, or his family, which applications and operating systems they use, and how often do you go onto Facebook, Google, YouTube, TikTok and other services.