Passport numbers and personal details of thousands of foreign nationals living in Thailand were readily available to the public on the 27th March due to a data breach on the website when undergoing a test run for police, admitted by the site’s developer Akram Aleeming.
The website was openly available to the public and the leak was picked up by social media users which resulted in the website going viral. The website carried an immigration police seal but it used a private Thai web address not usually associated with government sites.
Further underscoring the vulnerability of the site, some users who came across it correctly guessed the password to enter the website’s management system: 123456.
The leak comes as the junta-ruled nation pushes forward with a very public crackdown against foreigners overstaying their visas and criminals, with immigration police adopting the slogan ‘good guys in, bad guys out’.
The website administrator took down the site at around 2am, unfortunately a little too late for any damage to be reversed and Deputy Prime Minister, Prawit Wongsuwon, ordered the data to be removed without trace.
Spokesman for defence, Khongcheep Tantravanic, noted that expats were concerned about their safety because of the detailed information revealed to the public.
Thai Netizens, a digital advocacy group, tracked down Aleeming, who later took to his personal Facebook account stating that the site had been mistakenly made public during test stages and he later confirmed that the site had been commissioned by Thai immigration police.
Despite the quite obvious error, Major General Thanusilpa, the immigration police commander, brushed the leaks aside, claiming the website contained no important information – despite the concrete evidence of passport numbers, names, home addresses and job roles proving otherwise.
Thai bureaucracy is not held highly for its digital competence. Many websites in Thailand are underdeveloped and therefore vulnerable to even the most amateur of cyberattacks, as demonstrated in late 2015 when internet-based activists managed to take down government servers by simply refreshing pages – a method knows as a denial-of-service attack.
This previous attack was a technological response to the junta’s plan to create a single gateway to control all of the web traffic in Thailand. Despite junta chairman Prayuth Chan-cha insisting the project is meant to protect Thai’s from online nasties, critics have condemned the plan as intrusive and not technically feasible as authorities do not have the know how and resources to nurture the system.
Hidden behind the façade of its booming tourist sector, Thailand has edged towards a mistrust for foreigners under the junta rule, with officials consistently blaming foreigners for a range of troubles including crime and provoking political and social unrest.