“Booking hijacking” following the attack on Booking.com: how the new scheme works
16 April 14:35
Booking.com customers have been warned about a new wave of fraud following a data breach. Experts have already dubbed this scheme “booking hijacking.” After the platform was hacked, attackers gained access to some customer data, which could lead to a surge in phishing attacks and attempts to swindle money from travelers. This was reported by the BBC, according to "Komersant Ukrainian".
Some users have already reported receiving suspicious messages that appear to be correspondence from hotels or customer support.
What happened to Booking.com
The Booking.com platform reported suspicious activity affecting a certain number of bookings. The company stated that it immediately took measures to contain the incident.
In emails to customers seen by the BBC, the service noted that attackers were able to access names, email addresses, phone numbers, and data on past and current bookings.
At the same time, Booking.com asserts that customers’ financial information was not compromised.
The company also reported that it has updated PIN codes for bookings and is sending alerts to users who may have been affected. However, Booking.com does not specify exactly how many people were affected by the incident or in which regions it occurred.
What is a “reservation hijack”?
Cybersecurity experts are calling this new wave of attacks “reservation hijacks.”
The scheme works as follows: scammers contact Booking.com customers, posing as hotels, and try to convince them to urgently transfer money due to alleged booking issues.
Similar schemes have existed before, but now, following the data breach, they have become significantly more dangerous. Criminals can use the actual name of the property, real travel dates, and the customer’s correct contact information, making the messages appear very convincing and resembling a routine service inquiry.
Why the new data breach makes fraud more dangerous
According to experts, it is precisely access to accurate booking data that makes this new wave of attacks particularly risky.
As Norton representative Luis Corrons explains, criminals can now operate with much greater precision: referencing the actual hotel, real travel dates, and the customer’s correct contact information. As a result, the scam may not appear as suspicious spam but rather as a routine booking service.
In fact, this is a situation where a data breach turns into an active phishing campaign within just a few days.
What Booking.com advises customers
Booking.com has urged users to be especially vigilant against potential phishing attacks.
The company emphasized that Booking.com never asks guests to provide credit card information via email, phone, WhatsApp, or SMS. Additionally, the service does not request bank transfers unless they align with the payment terms specified in the booking confirmation.
This means that any unusual payment requests or urgent requests to update payment details should raise suspicion.
Why Booking.com has long been a target for scammers
Due to its scale, Booking.com has long been an attractive target for scammers. Previously, waves of “booking hijackings” were often linked to hotel accounts being hacked within the Booking.com system. After gaining access to the hotel’s admin panel, criminals sent phishing emails and messages to customers.
The BBC has reported on such cases repeatedly since March 2023. In recent years, dozens of people have contacted the editorial team, reporting that they lost money due to booking-related scams.
Booking.com previously stated that it was implementing new security features but acknowledged that there is no universal solution.
Why the current attack could have broader implications
The new attack differs in that scammers now likely do not need to hack into hotel back-end systems to contact victims. Having obtained data from the breach, they can reach out directly to customers using convincing information about their trips.
According to experts, this indicates a growing threat to the entire tourism and hotel industry. When a data breach on a platform of this scale quickly translates into actual phishing campaigns, it no longer looks like random activity but rather a more targeted operation.
What Booking.com users should do
Customers of the service should carefully review any messages related to their bookings. First and foremost, they should pay attention to:
- requests to transfer money urgently;
- requests for repeat payments outside the official procedure;
- messages asking you to send your credit card details;
- emails or messages that mention booking issues but are sent in an unusual way.
It is best to check any payment request against the official booking details in your account before making a transaction.