Thai telco says data leak was just network test

BANGKOK, 26 May 2020:

Thailand’s largest mobile phone network Advanced Info Service (AIS) denied reports of a user data leak, saying the data was a test to improve its network.

Public relations chief Saichon Sapmak-udom said the data only painted an overall picture of internet usage without disclosing personal or sensitive information of its users.

“It is not personal data of our users. None of our customers have been affected, there is no financial damage,” she said in a statement.

The data leak came to light after a security researcher claimed a massive database of 8.3 billion real-time internet records of AIS users was leaked online. The database was secured on May 22.

In a blog post, security researcher Justin Paine said the database, likely controlled by AIS subsidiary Advance Wireless Network (AWN), contained a combination of DNS queries (requests for information sent from a user’s computer, the DNS client, to a DNS server) and NetFlow data (NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic).

“It (the database) does not contain sensitive data such as passwords; however, it can identify which websites the user accessed and apps they used.

“Using this data, it is quite simple to paint a picture of what a person does on the Internet.”

Paine said the database was first publicly accessible on May 1 and he only discovered it on May 7.

He said he alerted AIS to the database leak on May 13, but failed to get the database secured after a week.

Later, he alerted Thailand’s computer emergency response team, the Thailand National CERT team (ThaiCERT), which was able to make contact with AIS and get the database secured.

“Over the course of the roughly three weeks, the volume of data exposed has been growing significantly. The database was adding approximately 200 million new rows of data every 24 hours.

“Approximately 8.3 billion documents and a total of 4.7 terabytes (TB) of information were stored in the database.”

Paine said that with the DNS query logs for a single source IP address, it is possible to determine the types of devices on a user’s network and the social networks they frequent: Google, YouTube, Facebook, TikTok, Line (a chat application).

– Bernama