AIS exposes real-time internet users’ records in Thailand

June 9, 2020

Thailand’s largest mobile phone operator and data services provider, AIS (Advanced Info Service, or better known as Advanced Info Service Public Company Limited), is listed as having more than 50 million customers as of Q1 2019. The company is controlled by InTouch Holdings of Thailand, headed by Temasek, a government agency owned by Singapore and Singapore Telecom.

The company recently took one of its databases offline due to a suspected data leak. As it turns out, the suspected leak exposed over 8 billion internet records of Thailand’s internet users. The database was right out there in the open, like a sitting duck, according to a cyber security expert who immediately reported his findings to AIS.

After about a week, it seemed that the company had not taken his advisory and findings seriously, so he ended up contacting the country’s cyber watchdog team, ThaiCERT (Thailand’s National CERT Team). ThaiCERT, in turn, immediately contacted and notified AIS to question them about the reported leak. Only then did the company take down the network connecting the database in order to secure its information. The alleged leak came from one of its subsidiaries, AWN (Advanced Wireless Network), and the database contains DNS queries and NetFlow logs from customers.

That information amounts to 8 billion real-time internet records: DNS query logs that allow individual tracking of all users. The way it works is that on every visit to a website, the browser converts the name in the web URL into an IP address. This is how the browser is able to locate the live content on the internet. The records can identify which websites or apps/programs are being accessed or used by several users at a time. These records pose a risk, especially to people such as celebrities, journalists, media activists, and other high-profile individuals who wouldn’t want their browsing histories accessed.

In the still-ongoing investigation, experts believe that the leak probably started around the first week of May. Given that the discovery was made a week prior, and given the amount of data involved, some other security analyst might have found it as well, if not earlier. Over the period that the database was exposed, the amount of data grew significantly, possibly at an exponential rate. One analyst noted that, over a 3-week period, the database was most likely adding more than 200 million new rows of information every 20-24 hours.

According to ThaiCERT, there’s no hiding from the network and from the automatic data collection that your Internet Service Provider runs in the background. Once you are online, the network’s systems can easily identify the source and destination IP addresses for any website visit or browsing traffic. This kind of record is very useful to hackers if they acquire it. They can obtain your DNS communications and possibly spy on you, or sell your internet traffic data elsewhere.

Immediately after the reports and statements from AIS and ThaiCERT, users were advised to take proper precautions by making sure that their browsers and machines are updated and protected with the latest security patches and security software. Even television ads are sending out advisories about internet safety and how to protect yourself from cyber threats.
