Booking.com customers warned of ‘reservation hijacking’ after hack
Booking.com customers warned of ‘reservation hijacking’ after hack
Travel booking platform Booking.com is facing a new wave of fraudulent activities called “reservation hijacks” following a recent data breach. Hackers gained access to customer information, which could enable a spike in scams as individuals are lured into transferring funds to criminals. Some users have informed the BBC they have already received suspicious messages. The company claims it has updated security measures for reservations and is emailing affected customers about the increased risk. However, it has not disclosed the exact number of impacted users or the regions involved.
Booking.com stated in emails reviewed by the BBC that “we recently noticed unusual activity affecting several reservations and acted swiftly to address the issue.” The stolen data includes names, email addresses, phone numbers, and details of both past and current bookings. Financial information was not accessed through the company’s systems. Cybersecurity experts note that this data is highly valuable for fraudsters, who are now exploiting it to target unsuspecting customers with more convincing schemes.
“Reservation hijack scams have been around for some time, but this new data makes them much more dangerous because it gives criminals precision as they can reference the real property, the real travel dates, and the right contact details to make the scam feel like routine customer service,” said Luis Corrons, security evangelist at Norton.
Booking.com urged guests to remain cautious of phishing attempts. “Booking.com will never request credit card details via email, phone, WhatsApp, or text, nor will it ask for bank transfers that differ from the payment policy outlined in booking confirmations,” the company added. The breach allows scammers to bypass the need for hacking hotel accounts, enabling them to directly approach customers with tailored information to carry out their attacks.
Previously, reservation hijacks involved hackers breaching hotel accounts on Booking.com to send phishing emails and text messages. The BBC has highlighted similar scams multiple times since March 2023. Numerous individuals have reported financial losses, with one customer describing the experience as “being failed” by the travel firm. While Booking.com had introduced new safeguards before, it acknowledged “no silver bullet” exists to fully prevent such incidents.
“The ongoing incident underscores the escalating threat to the hospitality industry,” remarked Darren Guccione, CEO of Keeper Security. “When a breach at a platform of Booking.com’s scale transitions from data exfiltration to active phishing campaigns within days, it indicates something more deliberate than opportunistic,” he added.
Outside the UK? Sign up for our Tech Decoded newsletter to follow the world’s top tech stories and trends.
