Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Dumb Co dared me to exchange my iPhone for a hacked phone

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Meta removes controversial AI feature on Instagram after backlash

    11 July 2026

    OpenAI launches its new family of models with GPT-5.6

    10 July 2026

    Fidji Simo resigns from the no. 2 role

    10 July 2026

    Nvidia is a victim of the PC market it created

    9 July 2026

    Google’s deepfake detection system used to debunk McConnell’s hoax

    9 July 2026
  • Apps

    Apple is suing OpenAI for alleged trade secret theft

    11 July 2026

    EU threatens Meta with fines for addictive features on Facebook and Instagram

    10 July 2026

    Instagram users: Here’s how to stop Meta’s AI from using your photos

    10 July 2026

    Anthropic’s new Claude ability quietly sells you on the AI

    9 July 2026

    Truecaller clashes with India’s telecom regulator over anti-spam rules

    9 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026

    Elon Musk praises Mythos/Fable, promises not to ‘cut’ Anthropic

    10 July 2026

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026
  • Media & Entertainment

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026
  • Security

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026
  • Startups

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026

    These AI startups are growing revenue at an ever-faster pace

    10 July 2026

    Popular Open Source AI Developer Tool Ollama Raises $65M, Grows to Nearly 9M Users

    9 July 2026

    With EU support, QuantumDiamonds aims to accelerate chip manufacturing

    9 July 2026
  • Transportation

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026

    Federal authorities are demanding that autonomous vehicle companies stop interfering with first responders

    9 July 2026

    Another massive data breach exposed millions of driver’s license numbers

    8 July 2026

    This startup brings dealers together to bid on your used car

    7 July 2026
  • Venture

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»A hotel check-in system left a million passports and driving licenses open for anyone to see
Security

A hotel check-in system left a million passports and driving licenses open for anyone to see

techtost.comBy techtost.com15 May 202603 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
A Hotel Check In System Left A Million Passports And Driving
Share
Facebook Twitter LinkedIn Pinterest Email

A hotel check-in system left more than 1 million customers’ passports, driver’s licenses and selfie verification photos on the open web after a security breach. The data is now offline after TechCrunch notified the company responsible.

The hotel check-in system, called Tabiqmaintained by the Japan-based tech startup Playtime. According to its website, Tabiq is used in several hotels across Japan and relies on facial recognition and document scanning to check in guests.

Independent security researcher Anurag Sen contacted TechCrunch earlier this week after discovering that the system was leaking sensitive documents of hotel guests from around the world. Sen said this was because the startup made one of Amazon’s cloud-hosted storage bins, which the check-in system uses to store customer data, publicly accessible. The data inside could be viewed by anyone using a web browser, no need for a password, just knowing the bin name: “tabiq”.

Sen alerted TechCrunch in an effort to help alert the company. Reqrea locked down the storage bin after TechCrunch contacted both the company and Japan’s Cyber ​​Security Coordination Group, JPCERT.

This latest bug highlights a recurring problem of companies exposing or leaking their customers’ personal information and sensitive documents — not through sophisticated attacks, but by failing to follow basic cybersecurity practices. In addition to the recent buzz of vulnerabilities discovered by artificial intelligence and new cybersecurity capabilities, many times major security incidents are due to human error, misconfigurations, or a failure to follow cybersecurity best practices.

In an email acknowledging the report, Reqrea director Masataka Hashimoto told TechCrunch: “We are conducting a thorough review with the support of outside legal counsel and other advisors to determine the full scope of the report.”

Reqrea said she does not know how the storage bin became public. By default, Amazon cloud storage buckets are private. After a series of exposed customer storage bins a few years ago, Amazon added several warning prompts to customers before the data was made public, making this type of mistake increasingly difficult to accidentally make.

Hashimoto told TechCrunch that the company plans to notify affected individuals once it completes its investigation.

It remains unclear whether anyone other than Sen had access to the exposed data before it was secured. Hashimoto said the company is reviewing its logs to determine if there was any authorized access before securing the bin.

Details of the exposed bucket were also recorded by GreyHatWarfarea searchable database that indexes publicly visible cloud storage. The bucket list contains records dating from early 2020 to this month and included visitor IDs from countries around the world.

The breach of the hotel’s check-in system follows other incidents involving sensitive government-issued documents. Earlier this year, TechCrunch reported on the exposure of driver’s licenses, passports and other identification documents uploaded by customers of money transfer service Duc App. A data breach at car rental service Hertz last year led to hackers denying driver’s license information belonging to at least 100,000 customers.

These incidents come at a time when governments are increasingly enforcing age verification laws and private businesses are using “know your customer” checks to verify a person’s identity. Both rely on adults uploading sensitive documents, often to third-party companies, for verification, despite criticism from cybersecurity experts. Data gaps may put people whose information was obtained at greater risk of identity fraud or misuse of their likeness as age verification requirements take hold around the world.

When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.

age verification checkin cyber security data report driving Exclusive hotel left licenses million open passports system
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleIndian Uber rival Rapido raises $240 million at $3 billion valuation
Next Article How to disable Instagram’s new Instants feature and recall accidentally shared photos
bhanuprakash.cg
techtost.com
  • Website

Related Posts

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026

Popular Open Source AI Developer Tool Ollama Raises $65M, Grows to Nearly 9M Users

9 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Dumb Co dared me to exchange my iPhone for a hacked phone

11 July 2026

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

11 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

These AI startups are growing revenue at an ever-faster pace

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.