From Bangkok to Phuket, they cry out: Oh, Bucket! Thai mobile operator spills 46k people's data

S3 spillage spoils included driving licences and passports

TrueMove H, the biggest 4G mobile operator in Thailand, has suffered a data breach.

Personal data collected by the operator leaked into an Amazon Web Services S3 cloud storage bucket. The leaked data, which includes images of identity documents was accessible to world+dog before the mobile operator finally acted to restrict access to the confidential files yesterday, 12 April.

The issue was uncovered by security researcher Niall Merrigan, who told us he had tried to disclose the problem to TrueMove H, but said the mobile operator had been slow to respond.

Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light


The researcher told El Reg that he’d uncovered around 46K records that collectively weighed in at around 32GB. Merrigan attempted to raise the issue with TrueMove H, but initially made little headway beyond an acknowledgement of his communication.

Representatives of the telco initially told him to ring its head office when he asked for the contact details of a security response staffer before telling him his concerns had been passed on some two weeks later, after El Reg began asking questions on the back of Merrigan’s findings.

In the meantime, other security researchers have validated his concerns.

“There were lots of driving licences and I think I saw a passport,” said security researcher Scott Helme. “I guess they have to send ID for something and the company is storing the photos in this bucket, which can be viewed by the public.”

El Reg approached TrueMove H about the incident. The mobile operator responded last month with a holding statement stating that it was investigating the matter and we hung fire on opublication until the data was no longer public facing.

Please kindly be informed that this matter has been informed to a related team for investigation. If they have any queries or require any further information from you, they will contact [you] later.

Merrigan said the exposed data was still available up until yesterday, when it was finally made private, allowing the security researcher to go public with his findings. A blog post by Merrigan that explains the breach - and featuring redacted screenshots of the leaked identity documents - can be found here. ®

Send us news
Get our Security newsletter

Keep Reading

Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown-jewels hacking tools

Not a great look

Poor, poor mobile networks. UK's comms watchdog plans to stop 'em selling locked-down handsets

First OTT apps nick their SMS revenue, now this...

Amazon Web Services launches appeal after losing $12m AWS trademark war in China to local biz Actionsoft

American goliath vows to overturn ruling at Middle Kingdom's Supreme People’s Court

Tech support scammer dialed random number and Australian Police’s cybercrime squad answered

Cops used the opportunity to figure out remote access traps

Social networks warn Pakistan its new content-blocking laws will hurt economic growth

Good luck with your digital transformation without us on board, says Asia Internet Coalition

Amazon Transcribe can now ID 31 languages from audio so uncultured swines don't have to

Give that tagging finger a rest

Amazon makes big bet on New Zealand to crack Indian market

This one's all about putting cricket behind a paywall for nine-figure audiences of ardent fans

Amazon gets green-light to blow $10bn on 3,000+ internet satellites. All so Americans can shop more on Amazon

Jeff knows you've gotta spend money to make money

CSI: coming soon to a screen near you

'Counterfeit Stuff Investigation' team staffed by former federal prosecutors to go after dodgy merchants and makers

Extreme Networks misses death-of-Flash deadline, suggests winding back PC clocks to keep its GUI alive

Promises new client ‘within days’ but had years to make the fix

Tech Resources

Infrastructure Monitoring 101

Our apps and services are expected to work quickly and seamlessly on any number of devices, from different kinds of networks and in different locations around the globe. Monitoring the infrastructure that supports those experiences — layers of interconnected technologies that become more complex every year — is key to any organization’s success.

Catching Modern Threats: InsightIDR Detection Methodologies

Learn how our multi-layered approach enables teams to detect malicious activity across the attack chain for both known and unknown threats.

Leveraging Omniverse in AEC

Learn how Omniverse can power your projects in the architecture, engineering, and construction industries.

From Zero to Hero: The Path to CIAM Maturity

Okta define and discuss four key phases on the path to CIAM maturity and the pain points that companies encounter in each phase of the maturity curve.