Thailand?s largest cell network AIS has pulled a database offline that was
spilling billions of real-time internet records on millions of Thai internet
users.

Security researcher Justin Paine said in ablog post
[https://rainbowtabl.es/2020/05/17/thai-database-leaks-internet-records/?=may-23-2020] that he found the database, containing DNS queries and Netflow data, on the
internet without a password. With access to this database, Paine said that
anyone could ?quickly paint a picture? about what an internet user (or their
household) does in real-time.

Paine alerted AIS to the open database on May 13. But after not hearing back for
a week, Paine reported the apparent security lapse to Thailand?s national
computer emergency response team, known as ThaiCERT, which contacted AIS about
the open database.

The database was inaccessible a short time later.

AIS spokesperson Sudaporn Watcharanisakorn confirmed AIS owned the data, and
apologized for the security lapse.

?All of the data related to Internet usage patterns and did not contain personal
information that could be used to identify any customer,? said the spokesperson.
?On this occasion we acknowledge that our procedures fell short, for which we
sincerely apologise.?

Since a 2017 law allowed U.S. internet providers to?sell internet records?? like
DNS queries and browsing histories ? of their users, browser makers have pushed
back by rolling out privacy-enhancing technologies that make it harder for
internet and network providers to snoop.

One such technology, DNS over HTTPS ? or DoH ? encrypts DNS requests, making
it?far more difficult?for internet or network providers to know which websites a
customer is visiting or which apps they use.

Also Read | European Supercomputers Attacked By Hackers To Mine Cryptocurrency
[http://finary.co/tech/european-supercomputers-attacked-by-hackers-to-mine-cryptocurrency/]

Also Read | Hackers release a new jailbreak that unlocks every iPhone
[http://finary.co/tech/hackers-release-a-new-jailbreak-that-unlocks-every-iphone/]