by bongodongobob 501 days ago
I did some contract work for a major hotel chain a few years ago (Windows 2012 server upgrades) and was horrified by their utter lack of security everywhere. Everything was out of date, no patching, super simple admin passwords everywhere. It was crazy. They did have corporate-level IT, but from what I remember, it wasn't for any infra, just their hotel-related software.

Don't connect to hotel wifi, or if you do, don't do anything important on it.

1 comments

~10 years ago, the big hotel brands (IHG/Hilton/Marriott/Hyatt) required their franchisees to install professional networking equipment from vendors like Cisco Meraki or Aruba, to be managed externally by one of the brand's approved network managers (e.g. WorldVue).

It shouldn't be the wild west at those places.

Reminds me some years ago at a company retreat at one of those brands, where we wanted to check the OpSec of the hotel we were staying at, so I went up to the hotel lobby desk, said I was $NAME_OF_CEO and I had lost my hotel room key and my wallet is in the room, and they straight up gave a new card to me, without any sort of verification at all.

I had the same experience as the other person that replied to you. At the front desk - "Hi, I'm here to do some IT work, is manager around?" "Oh the server room is around the corner, it's unlocked." Didn't need the root ESXi password because the IP and password were stuck to the server with a sticky note.