Reqrea Exposes 1 Million IDs via Tabiq Cloud Bucket, Then Locks It Down

2 articles · Updated · TechCrunch · May 15

More than 1 million passports, driver’s licenses and selfie verification photos tied to Reqrea’s Tabiq hotel check-in system were left openly accessible on the web until the company secured the data after being alerted.
Anurag Sen found the leak stemmed from a publicly exposed Amazon storage bucket named “tabiq,” whose files could be viewed in a browser without a password and dated from early 2020 to this month.
Reqrea said it is still determining the full scope, does not know how the bucket became public, and plans to notify affected individuals after reviewing logs for any prior access.
The exposure highlights how major data incidents still often result from basic cloud misconfigurations rather than sophisticated hacks, even as hotels and other businesses increasingly collect government IDs for verification.

A million passports were exposed by a hotel tech firm. Is your digital identity safe on your next vacation?

After countless data leaks, should cloud providers be forced to make security foolproof for their customers?

Tech firms promise innovation but repeat basic security errors. Why is the digital front door still left wide open?