A data breach at travel giant Booking.com is leading to a fresh wave of scams recently dubbed “reservation hijacks”. Hackers stole customer data that experts say could lead to a surge in these scams as customers are tricked into sending criminals money. Some customers have contacted the BBC to say they have already started receiving suspicious messages.
Booking.com says it has updated Pins for reservations and is sending out emails to affected customers, warning them of the heightened risk. However, the Dutch company is refusing to disclose how many people have been affected and in which regions. The platform states it has seen almost seven billion check-ins since 2010, making it one of the largest travel services globally.
In emails to customers, the company stated: “We recently noticed suspicious activity affected a number of reservations and we immediately took action to contain the issue.” It further explained that criminals were able to access names, email addresses, phone numbers, and details about past and present bookings. Importantly, it confirmed that customers’ financial information was not accessed from its systems.
Understanding “Reservation Hijacks”
Experts warn this kind of data will be extremely valuable to fraudsters who are now racing to trick unwitting customers. Cyber-security firm Norton has dubbed these scams “reservation hijacks” because criminals contact Booking.com customers pretending to be hotels. Their goal is to trick victims into sending them money based on bogus reservation problems.
Luis Corrons, a security evangelist at Norton, commented: “Reservation hijack scams have been around for some time, but this new data makes them much more dangerous because it gives criminals precision as they can reference the real property, the real travel dates, the right contact details to make the scam feel like routine customer service.”
Booking.com advised guests to remain vigilant to potential phishing attacks. The company emphasized: “Booking.com will never ask guests to share credit card details by email, over the phone, Whatsapp or text, or ask guests to make a bank transfer that is different from the payment policy details in their booking confirmation.”
A Persistent Target
Perhaps due to its massive scale, scammers have long abused the Booking.com platform to target customers. Previous waves of reservation hijacks have involved hacking hotels’ Booking.com accounts to send out phishing emails and text messages. The BBC has reported on these types of scams multiple times since March 2023, with dozens of people contacting them to report financial losses. Booking.com had previously stated it was implementing new safety features but acknowledged there was “no silver bullet.”
The latest hack means that fraudsters no longer need to breach hotel’s Booking.com administration portals. Instead, they can reach out directly to customers with convincing details to carry out their attacks. Darren Guccione, chief executive of Keeper Security, highlighted that this ongoing incident underscores the growing threat to the hospitality industry. He stated: “When a breach at a platform the scale of Booking.com moves from data exfiltration to active phishing campaigns within days, it signals something more deliberate than opportunistic.”
#BookingComHack #DataBreach #CyberSecurity #ReservationHijack #OnlineScams #PhishingAlert #TravelSafety #CustomerWarning #FraudPrevention #TechNews
Leave a Reply