BANGKOK (Bernama): Thailand’s largest mobile phone network Advanced Info Service (AIS) has denied reports of a user data leak, saying the data was a test to improve its network.
Its public relations chief Saichon Sapmak-udom said the data only painted an overall picture of Internet usage without disclosing the personal or sensitive information of its users.
"It is not personal data of our users. None of our customers has been affected, there is no financial damage, ” she said in a statement.
The data leak came to light after a security researcher claimed a massive database of 8.3 billion real-time Internet records of AIS users was leaked online. The database was secured on May 22.
In a blog post, security researcher Justin Paine said the database, likely controlled by AIS subsidiary Advance Wireless Network (AWN), contained a combination of DNS queries (a demand for information sent from a user's computer) and NetFlow data (a network protocol developed by Cisco for collecting traffic information and monitoring network traffic).
"It (the database) does not contain sensitive data such as passwords, however it can identify which websites the user accessed and apps they used.
"Using this data, it is quite simple to paint a picture of what a person does on the Internet, ” he said.
Paine said the database was first publicly accessible on May 1 and he only discovered it on May 7.
He said he alerted AIS on May 13 on the leak of database, but the database was still not secured after a week.
Later, he alerted Thailand’s computer emergency response team (ThaiCERT), which was able to make contact with AIS and get the database secured.
"Over the course of the roughly three weeks, the volume of data exposed has been growing significantly. The database was adding approximately 200 million new rows of data every 24 hours.
"Approximately 8.3 billion documents and a total of 4.7 terabytes of information were stored in the database, ” he added.
Paine said with DNS query logs, a single source IP address, it is possible to determine the type of devices on users’ network, and the sites they frequent – Google, YouTube, Facebook, TikTok, Line (a chat application). – Bernama
Did you find this article insightful?