Jump to content


- - - - -

Massive leak of TrueMove phone data

  • Please log in to reply
3 replies to this topic

#1 reader



  • Members
  • PipPipPipPipPipPip
  • 1,304 posts
  • Gender:Male

Posted 15 April 2018 - 07:44 PM

From Nation Multimdia


Personal info at risk as TrueMove H customer data found in online folder


THE National Broadcasting and Telecom Commission (NBTC) has sought an urgent meeting with executives of TrueMove H, one of the country’s three major mobile phone operators, to question a probable massive leak of customers’ personal data.

The likely leak, including individuals’ ID cards and passport numbers, was first reported by Blognone, an online technology news service, when Niall Merrigan, a cyber-security researcher, said he had found the data under the folder name of Truemoveh/idcard with unrestricted access on the cloud storage facility of Amazon Web Service.


The 32-gigabyte folder contained multiple years of personal data of TrueMove H’s customers in Thailand, including those from 2016 (14.5 gigabytes), 2017 (8.3 gigabytes) and 2018 (2.2 gigabytes).


The folder shows a large quantity of personal ID card data, including photos and 13-digit numbers that were apparently used when customers first signed up with TrueMove H. The passport details of foreign customers in Thailand was in the folder, too. Due to its unrestricted access on the cloud-based data storage facility, such a massive data could be abused by unscrupulous people, affecting a large number of people in Thailand.


TrueMove responded to Merrigan’s alert on the possible data leak on Tuesday and managed to restrict access to the folder which stored its customers’ private data.


Takorn Tantasith, secretary-general of NBTC, said TrueMove H must explain during the April 17 meeting with the regulatory agency what happened to its customers’ personal data. There was a risk that a large number of individuals’ private ID card data could have been compromised due to it being stored in an unsecured way, he said.



#2 PeterRS



  • Members
  • PipPipPipPipPipPip
  • 537 posts

Posted 17 April 2018 - 08:53 AM

Can we now really trust any company/organisation to keep our data safe? As importantly how can we get them to obey our stated wishes?


I was a member of Linked In for a few years. I thought it might be useful for business purposes. It wasnt. So five years ago I deleted the account. Since then I have had at least 40 requests from Linked In members to be a friend or link or whatever they call it. The last was just two weeks ago. Worse, one from from a close friend who died four years ago. Having cancelled the account I now cannot get in in order to tell the organisation to stop sending me useless emails. I suppose to them I remain a number to justify their total member count.

#3 bucknaway



  • Members
  • PipPipPipPipPipPip
  • 518 posts
  • Gender:Male

Posted 17 April 2018 - 03:51 PM

Go to linked in and using the same email address, rejoin or try the lost mu password option. Then when in change your name on there and cancel your account again.

#4 stijntje



  • Members
  • PipPipPipPipPip
  • 160 posts
  • Gender:Male

Posted 20 April 2018 - 09:59 PM

I will probably be impacted too as I have had at least 3 different numbers with them :(

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users