TL;DR
A Japan-based hotel check-in system, Tabiq, exposed over one million customer documents and photos due to a misconfigured cloud storage bucket. The data is now offline after TechCrunch alerted the company. The incident highlights ongoing cybersecurity risks from human error.
A hotel check-in system used across several hotels in Japan exposed over one million customer passports, driver’s licenses, and photos due to a cloud storage misconfiguration. The data was accessible online without authentication until the company, Reqrea, secured the storage after being alerted by TechCrunch. This incident underscores persistent cybersecurity vulnerabilities linked to human error.
The affected system, called Tabiq, is maintained by Reqrea, a Japan-based tech startup. It uses facial recognition and document scanning to verify guests during check-in. The exposed data included sensitive identity documents and selfie verification photos from guests worldwide, stored in an Amazon cloud bucket configured to be publicly accessible. The leak was discovered by independent security researcher Anurag Sen, who notified TechCrunch earlier this week. Upon receiving the alert, Reqrea promptly secured the bucket, which contained files dating back to 2020. The company has not confirmed whether any unauthorized access occurred before the fix, but is reviewing logs to determine if data was accessed.
Why It Matters
This incident highlights ongoing cybersecurity risks associated with human error and misconfiguration, particularly in cloud storage. Exposing sensitive personal data such as passports and driver’s licenses increases the risk of identity theft and fraud. It also raises concerns about the security of third-party verification systems used in travel and financial sectors, especially as governments and private companies rely more heavily on digital identity verification.
HERO Neck Wallet – RFID Blocking Passport Holder, Easy to Conceal Travel Pouch (Army Grey)
- Lifetime Replacement Guarantee: Backed by lifetime replacement policy
- Hands-Free Travel Pouch: Conceals passports, IDs, cards, cash, and valuables
- RFID Blocking Lining: Protects against electronic theft
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Previous incidents include the exposure of government-issued IDs by services like Duc App and a data breach at Hertz affecting over 100,000 driver’s licenses. These lapses occur amid increasing use of digital identity checks for age verification and financial transactions, often involving third-party vendors. Amazon has added warnings to prevent accidental public exposure of cloud data, but errors still occur, often due to human oversight.
“The exposure of over one million identity documents due to a simple misconfiguration underscores how human error remains a critical vulnerability in cybersecurity.”
— Zack Whittaker, TechCrunch security editor
“We are conducting a thorough review with external legal counsel to determine the full scope of exposure.”
— Reqrea director Masataka Hashimoto
USB Card Reader Adapter for Secure Digital Identity Verification & Multi Format Memory Compatibility
- Wide OS Compatibility: Supports Windows 98 to 10 and more
- Multi-Format Card Support: Handles various card types including bank and government cards
- Secure Digital Verification: Ideal for online banking and identity checks
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet confirmed whether any unauthorized access occurred before the bucket was secured. Details about the number of affected individuals and whether the data was downloaded or misused remain unclear. The full scope of the breach is still under investigation.
Epson Workforce ES-50 Portable Sheet-Fed Document Scanner for PC and Mac
- Lightweight and Portable: Fastest and lightest in its class
- Quick Scanning Speed: Single page in 5.5 seconds
- Wide Compatibility: Works with Windows and Mac
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Reqrea is expected to complete its investigation and notify affected individuals. The company may also implement additional security measures and review its data handling protocols. Monitoring of the incident’s impact and any potential misuse of data will likely continue in the coming weeks.
3D Face Recognition Smart Door Lock – Fully Automatic Biometric Fingerprint Lock with Facial Scan, APP Control, Keypad & Key Entry | Aluminum Alloy Digital Front Door Lock for Home, Office & Apartment
- 3D Face Recognition: Touch-free, accurate facial scanning
- Multiple Unlock Methods: Face, fingerprint, password, app, card, key
- Automatic Locking System: Motorized, hands-free locking and unlocking
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
How many people were affected by this data leak?
It is estimated that over one million documents, including passports and driver’s licenses, were exposed, but the exact number of individuals affected is still being determined.
Has the data been accessed or misused?
There is no confirmed evidence that the data was accessed or misused before the security was fixed, but investigations are ongoing to determine if any unauthorized access occurred.
What steps is the company taking to prevent future leaks?
Reqrea has secured the cloud storage and is reviewing its security protocols, including better access controls and staff training, to prevent similar incidents.
Could this happen again?
While Amazon has added warnings to reduce accidental exposure, human error and misconfiguration risks remain, so the possibility of future leaks cannot be entirely eliminated without ongoing vigilance.
