A security lapse at a hotel check-in system in Japan has left over one million customer passports, driver’s licenses and selfie verification photos openly accessible online. The issue was discovered by an independent security researcher after the data store bucket used by the Tabiq system, maintained by Reqrea, was set to public access.

The incident highlights the risks of not adhering to basic cybersecurity practices, with such lapses often stemming from human error or misconfiguration rather than sophisticated attacks. The startup has since locked down the storage bucket and plans to notify affected individuals once its investigation is completed.

Similar incidents involving sensitive government-issued documents have occurred in recent years, including a breach at money transfer service Duc App and a data leak at car rental service Hertz. These events raise questions about how we handle identity verification online, with governments increasingly rolling out age-verification laws that rely on uploading personal information to third-party companies.

This latest incident serves as a stark reminder to businesses and individuals alike of the importance of robust cybersecurity measures. Despite warnings from tech giants like Amazon, it appears some still fail to follow best practices, leaving sensitive data vulnerable to unauthorized access.