This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
After uncovering an unsecured database collecting the personal information of millions of tourists to Thailand, a British cybersecurity researcher unexpectedly stumbled upon his own personal data online. An unencrypted Elasticsearch server was discovered by Bob Diachenko, a cybersecurity researcher and security leader at Camparitech, exposing the personal data of approximately 106 million international passengers to Thailand. The data was accessible online in an unsecured database, allowing anyone to access it.
Threat actors are constantly on the lookout for unprotected servers. There is no proof of how long the database was exposed before Diachenko’s disclosure in this case. A honeypot, on the other hand, was set up to monitor hacker intrusions.
“Notably, the IP address of the database is still public, but the database itself has been replaced with a honeypot. Anyone who attempts access at that address now receives the message: This is honeypot, all access were logged,” Diachenko added.
A honeypot is a security tool that detects or prevents unauthorized network and information system breaches. The organization set up a honeypot to see how quickly hackers would attack an Elasticsearch server using a dummy database and fake data. From May 11 until May 22, 2020, Comparitech left the data exposed. It discovered 175 attacks in just eight hours after the service went live, with a total of 22 attacks in a single day.
After he reported the problem to Thai authorities, the database was safeguarded. According to Diachenko, every visitor who visited Thailand in the last ten ye
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Thailand’s Data on 106 Million Visitors has been Breached