Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos online. The issue came from a misconfigured Amazon cloud storage bucket that was left […]
A security lapse in the Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos online. The issue came from a misconfigured Amazon cloud storage bucket that was left publicly accessible. As a result, anyone with a web browser and knowledge of the bucket name “tabiq” could view passports, IDs, and other customer data without authentication.
Cyber security researcher Anurag Sen alerted TechCrunch after finding that a hotel check-in system was exposing sensitive guest documents worldwide. Sen reported the issue to help prompt action. Following TechCrunch’s notification to the company and Japan’s cybersecurity coordination team JPCERT, the system was secured and the exposed bucket was locked down.
Related breach coverage
- A Fake UK Visa Site Left 100,000 Passports Wide Open2026-05-28
A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British government. It’s a third-party service, apparently operated by a UAE-registered company called Active Leadgen LLC, that charges fees to help people apply […]
- 19.6 Billion Files Are Sitting Open on the Internet. No Password Required2026-05-28
19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There’s a comfortable myth most people carry around: that the data they hand to companies is locked somewhere safe. Researchers at Mysterium VPN just ran the numbers, and the numbers disagree. Across 535,480 publicly listable cloud storage […]
- Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION2026-05-31
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and […]
- Geordie Raises $30 Million for AI Security and Governance Platform2026-05-28
The funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures. The post Geordie Raises $30 Million for AI Security and Governance Platform appeared first on SecurityWeek.