It sounds like someone was spoofing the SSID where they use the same name as the hotel's SSID but with an open connection. A person will manually connect to the hotel's secure SSID, but if the spoof SSID is stronger then the user's device can jump to the open SSID.