25 May 2020

A huge Thai database leaked 8.3 billion internet records



Security researcher Justin Paine has come across an exposed ElasticSearch database that was leaking billions of real-time internet records on millions of Thai internet users. The database, which contained DNS queries and NetFlow data, appeared to be controlled by a subsidiary of Thailand-based mobile network operator AIS (Advanced Info Service), Thailand's largest GSM mobile phone operator.

The database included a combination of DNS query logs and NetFlow logs for what appears to be AIS subsidiary Advanced Wireless Network (AWN) customers. Paine said that anyone having access to this data can “paint a picture of what a person does on the Internet.”

According to BinaryEdge data, the database has been exposed online since May 1, 2020. The researcher said the database he found was part of a cluster of three ElasticSearch nodes.

“Over the course of the roughly 3 weeks the database has been exposed the volume of data has been growing significantly. The database was adding approximately 200M new rows of data every 24 hours. To be precise, as of May 21st, 2020: 8,336,189,132 documents were stored in the database,” Paine said.

According to the researcher, anyone with access to the database could learn a number of things about a single internet-connected house, such as the kinds of devices its occupants owned, which antivirus they ran, which browsers they used, and which social networks and websites they frequented.

Paine said he made multiple attempts to contact AIS about the issue, but to no avail. He then reported the incident to Thailand’s national computer emergency response team (ThaiCERT), which contacted AIS about the exposed database. Shortly after, the database was pulled offline.
