I guess I'm in there too. But passports get copied and provided to so many institutions these days that I wouldn't even consider nationality and passport number as private.
Now, if someone is traveling to Thailand to partake of some of the more controversial options, then I can see how this would be damaging.
We should all do our best to maintain privacy, but at the same time we should understand that the concept of privacy is changing. And by that I mean that we have less - and will have even less in the future - privacy than people did 10+ years ago.
It won't be long before biometric and other personally identifiable scanners will be integrated into much of what we touch or where we go. It may not be publicly known or even legal, but it will (and probably already does) happen. Just look at the NFC and facial recognition systems in much of our shopping places...
> we have less - and will have even less in the future - privacy than people did 10+ years ago
ok, but hunter-gatherers had only minimal privacy so we can adapt to a wide range of "privacies".
yes, it is true that the possibility of "increasingly impersonal threats from far away" has risen dramatically in recent history and it's not clear how well we will adapt to that.
Of course it's elasticsearch. Elastic did irreparable damage by paywalling authentication and TLS on a supposedly open source project. If you make security optional, you've created an insecure and unsafe product.
This is useful to attackers in social engineering scenarios for sure.
Additionally, some KBA authentication schemes might still be in place which make leaks like this one particularly problematic. Eg. one of my banks still asks relatively easy to answer questions to authenticate me when I call to unlock my card.
The most infamous KBA incident was the large scale IRS's tax returns fraud that occurred in 2014-2015:
The type of data leaked by the Thai government doesn't look too bad, but one should not underestimate the creativity of attackers, especially when the amount of data is large (and might overlap with other, previous breaches that contain different attributes.)
I get spam emails all the time which claim to have webcam pics of the recipient in flagrante delicto, oh and here’s a Bitcoin address you should send to if you don’t want them public. Rubbish, of course, as there’s nothing targeted about them; just a cleverly-worded mass email disguised as an individual extortion attempt. The next obvious step, however, is sprinkling enough details in to make it more convincing. “I have pics of what you did in Thailand in January 2019” would surely generate a lot more concern in a subset of the recipients.
When I get those I like to look up the bitcoin address on block explorer. Last time I checked one, two people had paid it out. No clue how many messages the spammer had sent, but there was at least a bit of payoff
I haven’t looked in a while but I think every example, even though the text was identical, had a different address. So if the one you saw already had two transactions...
It's strange that it doesn't contain addresses. There's a bunch of other information you have to fill in including address on your arrival forms - so if it's the case that "this is it", we got off lightly. I have travelled there three times in the last ten years.
I visited Thailand about six times in the last four years so this is a bit concerning to me. I really wish there were more details and hope that I can find out if my data was exposed as a part of this.
I've provided it to hotel staff, Airbnb hosts, condo security, car rental places, airline staff, and more over the years. They all make copies of it digitally and physically so it's floating around out there in lots of places.
Next time I get a passport it will change anyways so I'm not sure I see the big deal even if it was a unique, never changing number.
15 years ago a foreigner couldn't even get a hotel room in Thailand without handing over passport information for each guest. I can't imagine it's changed much since then. If the Thai police want to track you down it wouldn't be very hard.
If you travel much, or nowadays if you register on just about any legitimate cryptocurrency exchange, you've already shared this information - and usually with a photo.
And with the new COVID stuff/vaccinations, it's being shared more often even if you don't travel.
Now, if someone is traveling to Thailand to partake of some of the more controversial options, then I can see how this would be damaging.
We should all do our best to maintain privacy, but at the same time we should understand that the concept of privacy is changing. And by that I mean that we have less - and will have even less in the future - privacy than people did 10+ years ago.
It won't be long before biometric and other personally identifiable scanners will be integrated into much of what we touch or where we go. It may not be publicly known or even legal, but it will (and probably already does) happen. Just look at the NFC and facial recognition systems in much of our shopping places...