A misconfigured Amazon cloud storage bucket has publicly exposed more than one million passports, government IDs, and selfie verification photos linked to Tabiq, a Japanese hotel check-in platform. The incident highlights how storage configuration errors continue to serve as a primary vector for large-scale personal data exposure within digital guest onboarding systems.

According to reporting from Security Affairs, the breach stemmed from a single misconfigured Amazon S3 bucket that was inadvertently left accessible to the public internet. The repository contained identity verification documents submitted by travelers during the hotel registration process. Without proper access controls or authentication requirements, anyone with knowledge of the storage path could view or download the sensitive files.

The exposed dataset centralized highly sensitive biometric and identification records in an unsecured location. Cloud storage misconfigurations remain a persistent operational risk for hospitality technology providers, where rapid system deployment and complex data aggregation can sometimes overshadow strict permission validation. Security analysts consistently identify publicly accessible object storage as a leading cause of modern data leaks, particularly when platforms handle regulated traveler documentation.

At the time of initial reporting, several key details regarding the incident remain undisclosed. Information on how long the bucket remained publicly accessible, whether unauthorized parties accessed or copied the data, and the timeline for formal notifications to affected hotel partners and guests has not yet been made public.

Cloud infrastructure experts emphasize that preventing similar exposures requires rigorous validation of storage permissions and continuous configuration monitoring. As hospitality and travel platforms increasingly digitize check-in workflows and identity verification, enforcing strict least-privilege access controls remains a fundamental requirement for protecting sensitive guest data.

