Thai mobile operator database exposed 8 billion Internet records

We implicitly trust our ISPs and carriers, often without a second thought that all our Internet-related activity passes through them. After all, they are bound by laws to ensure their customers' safety and privacy though some still manage to find ways around that. Even well-intentioned companies, however, aren't infallible and even a single misconfigured setting could have terrible consequences. That's exactly the frightening scenario that has just happened in Thailand when AIS, one of its biggest carriers, accidentally exposed billions of Internet records to anyone who knew how to snoop around.

Security researcher Justin Paine discovered a cluster of now less than three servers where databases were left exposed without a password. The database was actually controlled by Advanced Wireless Network (AWN), a subsidiary of Thailand's Advanced Info Services (AIS) network operator. AIS is, however, AWN's only upstream peer and, for all intents and purposes, was completely controlled and used solely by AIS.

To its credit, AIS sent TechCrunch a statement owning up to the blunder that was ongoing since May. It was only last week that the database was secured after repeated attempts to contact the company. In its statement, AIS says that no personal information was leaked and while technically true, hackers and even government agents need not go that far to get something about from this database.

The database contained more than 3 billion DNS queries and around 5 billion NetFlow data in Thailand. Together, these pieces can be used to trace where certain users or households, identified based on their IP addresses, go on the Internet. This information can then be analyzed to build up a profile of users, which is exactly what advertisers do when they get their hands on something like this.

That can also be problematic for Internet users in countries with more restrictive policies on free speech, countries exactly like Thailand. While the database has finally been closed off from public access, it isn't known who else has been able to access it in the three weeks it was left exposed.