← Latest news 
Tabiq hotel check-in data leaked when a cloud bucket turned public, exposing over a million passports
Technology
Published on 16 May 2026
The files were accessible with no password, just a bucket name
A hotel check-in platform called Tabiq exposed more than a million customer passports, driver’s licenses, and selfie verification photos on the open web after its operator, Japan-based startup Reqrea, left an Amazon cloud storage bucket publicly accessible. A security researcher discovered the leak by browsing the bucket using only its name “tabiq,” and TechCrunch alerted Reqrea and JPCERT. Reqrea later locked down the bucket, but said it doesn’t know how it became public or whether anyone accessed data beforehand.
- More than 1 million passport, license, and selfie files were exposed
- The leak came from an Amazon cloud storage bucket set to public access
- Anyone could view data via a web browser using only the bucket name “tabiq”
- Reqrea locked the bucket after TechCrunch notified the company and JPCERT
- The indexed files reportedly spanned from early 2020 to this month
- Reqrea plans to notify affected individuals after completing its review
Read the full story at TechCrunch
This summarization was done by Beige for a story published on 
TechCrunch