A subsidiary of Thailand’s largest cell network, Advanced Info Service (AIS), has made a database containing real-time internet records of millions of customers available online in a major data breach.
The information was released in May during a test scheduled by the company, who claim that no important data was made available. The database has now been made inaccessible.
In a blog post, security researcher Justin Paine discussed the database, saying that the information could help anyone to “quickly paint a picture” of what someone may be doing online in real-time.
Paine commented: “Over the course of the roughly three weeks the database has been exposed the volume of data has been growing significantly. The database was adding approximately 200 million new rows of data every 24 hours.
“To be precise, as of May 21st, 2020: 8,336,189,132 documents were stored in the database. This data was a combination of NetFlow data and DNS query logs.”
Paine says he alerted AIS of the breach May 13, but after the company failed to act, reported to Thailand’s national computer emergency response team, known as ThaiCERT.
AIS admits that there was a security lapse on its systems but insists that no important information was exposed in the data breach.
- NCSC to Carry Out New Review of Huawei’s Involvement in 5G Networks
- Drone Delivery Trials to Transport Medical Supplies to Scottish Island
- How is Technology Helping Boost Disabled Accessibility?
AIS spokesperson Sudaporn Watcharanisakorn commented: “We can confirm that a small amount of non-personal, non-critical information was exposed for a limited period in May during a scheduled test.
“All of the data related to Internet usage patterns and did not contain personal information that could be used to identify any customer.
“On this occasion, we acknowledge that our procedures fell short, for which we sincerely apologise.”
The company says it will continue to review its security measures.
This latest breach of data is continuing to become a common theme amongst large organisations worldwide who fail to ensure cybersecurity measures are put in place to protect users.