Source: TechCrunch
A misconfigured cloud storage bucket—the most common form of data exposure in hospitality—shows that routine operational infrastructure (hotel registration systems) now holds identity verification data that criminals actively harvest for fraud. The system was public by default, meaning the vulnerability required zero technical skill to exploit and likely persisted for months before discovery. Hotels appear to lack basic audit practices for third-party vendors handling biometric and document data.