The woman checked in to the Canada Inns Fort Garry on Monday, and got a phone call from a stranger that night.
"He didn't actually say who he was," she said. "He said he was a guy sitting in the pub of the hotel having a drink on his cellphone, and he could access all of this information."
CBC is concealing the woman’s identity because she is afraid her privacy has been violated.
The stranger had an urgent warning for the woman.
"He said, 'I know your husband's name. I see your passport. I see all your computer information. You have to log off of your Wi-Fi right now because I can see all your credit card numbers, I can see your photos -- everything!' He could see everything. It was quite creepy," she said.
The woman realized her laptop's file sharing had been activated from the last time she was on her home network.
She travels internationally on a regular basis. and keeps a copy of her birth certificate and passport on her computer as backup.
Now, she doesn't know if anyone else accessed or copied her files while they were visible.
Canad Inns could not be reached for comment.
‘This happens every day’
Michael Legary with Winnipeg-based internet security company Seccuris, said it's a common problem.
"Anyone on that same network can see your computer, and if you have shared files open or things not locked down, others on that network can browse your system just as easily as you could at home," said Legary.
"This is extremely common and to the point where a lot of folks don't realize how to do the basics of locking down their computer … other individuals actually target that and look for people using hotel services in an unprotected way so this happens every day.”
He said if a computer’s file sharing is left open on a public network, it means others might be able to see and access music files, photos, financial information, resumés or word documents. That leaves those files open to be copied, altered, destroyed or encrypted.
Leaving file sharing open also makes hotel guests vulnerable to identity theft.
"Depending on what the person has on their system, they might have credit card information, personal health information, in this case passport information, so it can be used to create a fake identity, make false purchases,” said Legary.
Tips to protect yourself
Legary gives these tips to hotel guests:- Always turn your computer firewalls on and turn file-sharing settings off.
- Try not to use hotel Wi-Fi at all; instead, tether electronic devices to phones.
- Use a VPN, or virtual private network. VPNs can be downloaded for free on smartphones, tablets and computers. They create a protective "tunnel" between the user and the internet source.
He said most hotel chains haven't updated their Wi-Fi service packages in years, and introducing security measures to protect guests could be costly.
"The challenge that a lot of them have is that no one wants to pay for the internet so the costs for securing it become that much harder," he said. "The other challenge for securing it is that they have to look at certain kinds of information and that leads down a slippery slope of what should they filter and what shouldn't they."
There is a simple option available, though.
Hotels have ‘simple fix’ available, expert says
"A simple thing called network segmentation allowing only your computer to see the internet and not the rest of the people on the network is one very small, cheap step that almost any hotel could do but many don't," he said.
Legary estimates implementing network segmentation would cost the average hotel chain $10,000 to $15,000.
As for the woman in Winnipeg, she said she’s unnerved and feels violated after the phone call.
But she is also thankful for the heads-up.
"It could have been that I was wiped out. My husband and I could have been wiped out of all of our funds,” she said.
Now, she has changed her computer's privacy settings and isn't taking any chances.
"New credit cards, new banking numbers,” she said. “It’s a huge hassle. I don't want to do that. Nobody wants to do that, but I guess I need to do that right now.”Suggest a correction