This sounds like what happens with Hotels.com where the hotel you just booked with said there was an issue with the payment that was submitted, and you must pay with this alternate payment method instead -- it turns out the hotel's account had been compromised and the thief/scumbag/scammer does this to all the hotel's bookings. The one we got a message from, apparently the respective hotel keeps having this happen over and over. My guess is the outdated computer they use has a keylogger or trojan on it and their accounts will just be forever compromised. Fun times.
I did some contract work for a major hotel chain a few years ago (Windows 2012 server upgrades) and was horrified by their utter lack of security everywhere. Everything was out of date, no patching, super simple admin passwords everywhere. It was crazy. They did have corporate level IT, but from what I remember, it wasn't for any infra, just their hotel related software.
Don't connect to hotel wifi, or if you do, don't do anything important on it.
~10 years ago, the big hotel brands (IHG/Hilton/Marriott/Hyatt) required their franchisees to install professional networking equipment from vendors like Cisco Meraki or Aruba, to be managed externally by one of the brand's approved network managers (e.g. WorldVue).
Reminds me some years ago at a company retreat at one of those brands, where we wanted to checks the OpSec of the hotel we were staying at, so I went up to the hotel lobby desk, said I was $NAME_OF_CEO and I had lost my hotel room key and my wallet is in the room, and they straight up gave a new card to me, without any sort of verification at all.
I had the same experience as the other person that replied to you. At the front desk - "Hi, I'm here to do some IT work, is manager around?" "Oh the server room is around the corner, it's unlocked." Didn't need the root esxi password because the IP and password were stuck to the sever with a sticky note.
Don't connect to hotel wifi, or if you do, don't do anything important on it.