A serious security vulnerability has been discovered in the Tabiq hotel check-in system, developed by the Japanese startup Reqrea. Due to a system flaw, passport copies, driver's licenses, and facial recognition selfies of over a million customers were left exposed on the internet. This was reported by Techcrunch.com reports .
Independent security researcher Anurag Sen discovered that a database stored in Amazon cloud storage was passwordless and accessible to everyone without any restrictions. This database was stored under the name “tabiq” and could be viewed by anyone via a browser.
Following alerts from TechCrunch and the JPCERT security team, Reqrea secured the database. Company CEO Masataka Hashimoto stated that an investigation into the incident has been launched and that external consultants are assessing the extent of the data exposure.
Experts note that this incident was not a sophisticated cyberattack, but rather the result of simple human error and failure to follow security protocols. Amazon configures its cloud storage to be private by default, but such data leaks occur frequently due to misconfiguration.
Read “Zamin” on Telegram!
