[TekMol]

What dangers are associated with this type of data becoming public?

I can imagine burglars using this info to decide which houses and apartments to rob.

Anything else that comes to mind?

Any first / second hand experiences of what can happen if private data like this becomes public?

[diegoveralli]

This is useful to attackers in social engineering scenarios for sure.

Additionally, some KBA authentication schemes might still be in place which make leaks like this one particularly problematic. Eg. one of my banks still asks relatively easy to answer questions to authenticate me when I call to unlock my card.

The most infamous KBA incident was the large scale IRS's tax returns fraud that occurred in 2014-2015:

- https://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-befor...

- https://krebsonsecurity.com/2015/08/irs-330k-taxpayers-hit-b...

- https://krebsonsecurity.com/2016/02/irs-390k-more-victims-of...

The type of data leaked by the Thai government doesn't look too bad, but one should not underestimate the creativity of attackers, especially when the amount of data is large (and might overlap with other, previous breaches that contain different attributes.)

[ryanlol]

(In the US) passport info is not typically used for KBA, none of the common providers do it.

[ericbarrett]

I get spam emails all the time which claim to have webcam pics of the recipient in flagrante delicto, oh and here’s a Bitcoin address you should send to if you don’t want them public. Rubbish, of course, as there’s nothing targeted about them; just a cleverly-worded mass email disguised as an individual extortion attempt. The next obvious step, however, is sprinkling enough details in to make it more convincing. “I have pics of what you did in Thailand in January 2019” would surely generate a lot more concern in a subset of the recipients.

[tekstar]

When I get those I like to look up the bitcoin address on block explorer. Last time I checked one, two people had paid it out. No clue how many messages the spammer had sent, but there was at least a bit of payoff

[ericbarrett]

I haven’t looked in a while but I think every example, even though the text was identical, had a different address. So if the one you saw already had two transactions...

[BrandoElFollito]

Same here. I noticed they in the early days of the scam there were very payments (cannot say obviously if all were talked to that scam).

Then it was mostly empty wallets with the occasional one or two transactions.

The early scammers made a lot of money.

[weird-eye-issue]

How is somebody going to get your address from this info? Did you actually look at what was leaked?

[deanclatworthy]

It's strange that it doesn't contain addresses. There's a bunch of other information you have to fill in including address on your arrival forms - so if it's the case that "this is it", we got off lightly. I have travelled there three times in the last ten years.

[tpmx]

Also lucky the biometric data from passports wasn't included - portrait photos and fingerprint data. (https://www.hindawi.com/journals/bmri/2012/490362/)