Booking.com under fire for privacy and security concerns

The OTA has come under fire by hotels who allege that it isn’t doing enough to protect them from becoming victims of cyberattacks on its app

Dec 5, 2023

Hotels claim that cybercriminals have infiltrated the administration portals of hotels on the Booking.com app, which allows them to send messages to customers, while posing as hotel staff, to trick them into sending them their payment information.

Key takeaways

  • Hackers are able to breach these systems by first emailing hotel staff while pretending to be a former guest who left their passport in their room. They include a Google Drive link into the email that they claim contains an image of their passport, but it's actually a malicious link that downloads software onto the staff member’s computer that automatically searches for access to Booking.com;
  • Once the hacker is able to find access, they can then see customers who have reservations at the hotel and are able to contact and trick them into sending their payment information, according to cybersecurity company Secureworks;
  • The issue has been prevalent since March, and has affected users in the U.S., U.K., Greece, Indonesia, Portugal, Singapore, Italy, and the Netherlands.

Get the full story at The Street and BBC

Related must-reads