A hotel check-in system left a million passports and driver’s licenses open for anyone to see
Key takeaways
- A hotel check-in system left more than one million customer passports, driver s licenses, and selfie verification photos to the open web after a security lapse.
- The hotel check-in system, called Tabiq, is maintained by the Japan-based tech startup Reqrea.
- Independent security researcher Anurag Sen contacted TechCrunch earlier this week after discovering that the system was leaking the sensitive documents of hotel guests from around the world.
A hotel check-in system left more than one million customer passports, driver s licenses, and selfie verification photos to the open web after a security lapse. The data is now offline after Tech Crunch alerted the company responsible.
The hotel check-in system, called Tabiq, is maintained by the Japan-based tech startup Reqrea. According to its website, Tabiq is used in several hotels across Japan and relies on facial recognition and document scanning to check guests in.
Independent security researcher Anurag Sen contacted TechCrunch earlier this week after discovering that the system was leaking the sensitive documents of hotel guests from around the world. Sen said this was because the startup set one of its Amazon cloud-hosted storage buckets, which the check-in system uses to store customer data, to be publicly accessible. The data inside could be viewed by anyone using a web browser, without needing a password, by knowing only the bucket name: tabiq.