The way this attack would work is instead of connecting to the hotel wifi, you connect to the bad actor's wifi access point. This access point then connects to the hotel's network. Now all traffic can be intercepted and decrypted on the layer 2 level. However, if using https, the layer 3 traffic is still going to be encrypted. The way around this would be with DNS spoofing. So when you go to gmail.com to access your email, instead you get redicrected to gmaill.com and probably don't notice the difference. Now the secure connection is between your computer and gmaill.com which belongs to the bad actor. they simply pass on the credentials to gmail.com and save them for another day to access your email account.
Chances are you wouldn't have noticed gmaill instead of gmail (just using this as an example).
If the OP only had their data stored locally on their computer and didn't transmit it, then this wasn't the attack vector used.