I visited Thailand about six times in the last four years so this is a bit concerning to me. I really wish there were more details and hope that I can find out if my data was exposed as a part of this.
I've provided it to hotel staff, Airbnb hosts, condo security, car rental places, airline staff, and more over the years. They all make copies of it digitally and physically so it's floating around out there in lots of places.
Next time I get a passport it will change anyways so I'm not sure I see the big deal even if it was a unique, never changing number.
15 years ago a foreigner couldn't even get a hotel room in Thailand without handing over passport information for each guest. I can't imagine it's changed much since then. If the Thai police want to track you down it wouldn't be very hard.
I can't think of a single country (other than my own, and maybe in the rest of the EU) where I've gone to a hotel and not had to give my passport and credit card. Passport is photocopied, credit card is checked. Passport number is like a US social security number, it's public information.
I checked into two hotels this past week while getting out of the city without giving any info. My Thai gf booked and paid for them so I'm not sure if that had anything to do with it. A couple years ago I had to give my passport to all hotels that I can remember
A new passport number comes with each replacement/renewal so I would suspect this is just security theater and you can upload any sample passport with the text changed. If they are insisting on the same exact passport again they could accept a fax of a random artwork and it would be more secure and just as permanent.
Which ones? The ones I've used use passport (and often photo holding passport) to enable certain features or raise limits, but they're not used for withdrawl. 2FA and email verification is.
Are you sure you just need the number for that and not a copy of the actual document?
Like gp says, I've handed my actual passport to every hotel I've stayed at, and they usually make a photocopy. If anyone is assuming that a photocopy of a passport is good evidence that someone is who they say they are, they're wrong. If someone is assuming that just the number proves anything, then they're more wrong.
The times I've needed my passport online to prove my identity, it was usually one of those ID processes where I need to be in front of a camera holding my actual passport.
If you travel much, or nowadays if you register on just about any legitimate cryptocurrency exchange, you've already shared this information - and usually with a photo.
And with the new COVID stuff/vaccinations, it's being shared more often even if you don't travel.