Hotel check-in system exposes over 1 million passports and driver's licenses
Tags Enterprise ยท Infrastructure
A technology company that provides check-in systems for hotels left cloud storage configured to public, allowing anyone to access approximately 1 million passport and driver's license images without a password. The data exposure, discovered by TechCrunch, affects guests who used the system at multiple hotel locations. The company has since secured the storage, but the data may have been exposed for an extended period.
Technical significance
This is a textbook cloud misconfiguration incident at scale, affecting identity documents that cannot be rotated like passwords. It underscores the ongoing risk in hospitality and travel tech supply chains, where third-party vendors handle sensitive identity data with insufficient security oversight.