Booking.com: Unauthorized access by criminals discovered
Booking.com admits unauthorized third-party access to booking information. Affected customers are being informed, their PINs updated.
(Image: DenPhotos / Shutterstock.com)
Recently, Booking.com has been sending emails to customers admitting unauthorized third-party access to booking information. In further emails, affected individuals receive new security PINs for their bookings.
There are no indications of this on Booking.com's website, but the company admitted unauthorized data access when asked by heise security. “We recently detected suspicious activity where unauthorized third parties gained access to some of our guests' booking information,” Booking.com explains. Upon discovering the activity, the company took measures to contain the problem. “We have updated the PIN numbers for these reservations and informed our guests,” the company further explains.
Possible access to personal data
Booking.com further admits that “email addresses, phone numbers, and booking data related to the affected reservations may have been accessed,” but no access was made to physical or postal addresses. The company is also confident that no customer payment or financial details have fallen into the wrong hands.
The company also offers practical tips and advises customers to always be vigilant regarding potential phishing attempts. Booking.com would never ask for credit card information over the phone, email, WhatsApp, or SMS. Nor would it request bank transfers that deviate from the payment terms in the booking confirmations. Should customers have concerns, they should contact customer service, which is said to be available around the clock.
Videos by heise
Exemplary email texts from information to affected customers can be found on Reddit, for example. These are genuine messages – the company is indeed updating booking PINs. However, Booking.com does not explain how the unauthorized access could have occurred. The portal has been struggling with such problems for a long time. In mid-2023, for example, Extranet access of South Tyrolean hotels to Booking.com was compromised, leading to unexplained phishing incidents. It even seems that the entire hotel industry is impacted. Best Western Hotels have also reported worldwide cyberattacks on tourist booking systems since February of this year.
(dmk)
