The dark web and Italian hotels: here's what MyDocs revealed about the stolen documents.

Every day, we hand over our documents for one reason or another; whether it's for medical or legal matters or reservations, it's inevitable that countless companies, businesses, and organizations are in possession of copies of their customers' ID cards, driver's licenses, or passports. What we don't think about, however, is the care needed to protect the valuable information contained in these documents.

Shortly after mid-August, a user called “MyDocs” made headlines by flooding a dark web forum with 177,000 images depicting the personal documents of customers of several hotels located in various Italian cities, such as Rome, Milan, Rimini, and Venice. However, Spain was not spared either: a thread containing documents from a hotel in Palma de Mallorca included a rather worrying detail.

The mention of a “private cloud bucket” caught the attention of the Red Hot Cyber team, leading them to assume the existence of a probable unified attack chain, a scenario far worse than a single individual breach of the hotels.