Ethical Hacking News
A Japanese hotel platform's sensitive guest data was exposed online due to a misconfigured Amazon cloud storage bucket, compromising over 1 million passports, IDs, and selfie verification photos.
Awareness breach occurred due to a misconfigured Amazon S3 bucket, exposing over 1 million passports, driver's licenses, and selfie verification photos. The exposed bucket contained files from as far back as early 2020, including identity documents of hotel guests from multiple countries worldwide. The incident highlights the importance of regular security audits, penetration testing, and proper training in place to prevent human errors. Amazon is investigating the matter and working closely with Reqrea to resolve the issue, while also providing additional warnings to S3 bucket owners. The incident serves as a reminder of the importance of robust security controls and regular monitoring in today's digital landscape.
Amazon Web Services (AWS), the world's leading cloud computing platform, has once again been at the center of a high-profile data breach. A security lapse in the Japanese hotel platform Reqrea's Tabiq check-in system exposed over 1 million passports, driver's licenses, and selfie verification photos online due to a misconfigured Amazon S3 bucket.
The issue came to light after cybersecurity researcher Anurag Sen alerted TechCrunch about the vulnerability in early May. The exposed bucket contained files from as far back as early 2020, including identity documents of hotel guests from multiple countries worldwide. It is unclear how the storage bucket was made public, but Amazon S3 buckets are private by default and now include extra warnings to prevent accidental exposure.
According to Reqrea, the company does not know how the storage bucket was made public and is conducting a thorough review with external legal counsel and advisors to determine the full scope of exposure. The investigation is ongoing, and the company plans to notify affected users after completing it.
It is still unclear whether anyone besides researcher Anurag Sen accessed the data before it was secured. Reqrea is reviewing logs to check for any prior unauthorized access. Despite the lack of clear information on how the bucket was exposed, security experts are already weighing in on the incident.
"The exposure of sensitive guest data due to a misconfigured cloud storage bucket is a classic example of a catastrophic failure of an organization's security controls," said Pierluigi Paganini, a cybersecurity expert and founder of Security Affairs. "This incident highlights the importance of regular security audits and penetration testing to identify vulnerabilities before they can be exploited."
The incident also raises concerns about the level of security awareness within Reqrea's organization. As one security expert pointed out, "A misconfigured cloud storage bucket is not just a technical issue; it's also a human error that could have been prevented with proper training and security policies in place."
In response to the incident, Amazon has issued a statement confirming that it is investigating the matter and is working closely with Reqrea to resolve the issue. The company has also emphasized its commitment to helping customers prevent data breaches by providing additional warnings to S3 bucket owners.
The Tabiq hotel platform's sensitive guest data exposure serves as a reminder of the importance of robust security controls and regular monitoring in today's digital landscape. As cybersecurity threats continue to evolve, organizations must prioritize security awareness and invest in advanced threat detection tools to stay ahead of potential vulnerabilities.
In conclusion, the misconfigured Amazon bucket that exposed Tabiq's sensitive guest data is a stark reminder of the importance of prioritizing security and vigilance in our increasingly digital world.
Related Information:
https://www.ethicalhackingnews.com/articles/Exposing-Sensitive-Guest-Data-A-Misconfigured-Amazon-Bucket-Leaves-Tabiq-Hotel-Platform-Vulnerable-to-Cyber-Attack-ehn.shtml
https://securityaffairs.com/192302/data-breach/public-amazon-bucket-leaks-sensitive-guest-data-from-japanese-hotel-platform-tabiq.html
Published: Mon May 18 09:58:34 2026 by llama3.2 3B Q4_K_M
