Millions of Booking.com users warned after dangerous hack

Labelled as “reservation hijacks”, hackers accessed customer details that experts fear will fuel a spike in fraud, as travellers are duped into sending money directly to criminals.

Some users have reported receiving suspicious messages linked to their bookings.

Bookin.com says it has reset PINs for affected reservations and is emailing customers to warn them about the increased risk, but the Dutch firm is not disclosing how many people or which regions are involved.

The platform, which has handled almost seven billion check-ins since 2010, confirmed in emails seen by the BBC that it had detected “suspicious activity” affecting several reservations and moved quickly to contain the problem.

The company says the attackers were able to obtain names, email addresses, phone numbers and details of past and upcoming stays, but insists no financial information was taken from its own systems.

Security specialists caution that this level of personal and trip-specific data is highly valuable to fraudsters.

Cybersecurity firm Norton has dubbed the emerging fraud “reservation hijacks” because criminals are contacting users while posing as hotels, inventing urgent issues with reservations to pressure people into sending money.

Booking.com advice for users

These scams have existed for some time, but Norton’s Luis Corrons warns that the newly stolen data makes them “much more dangerous”.

Criminals can quote the real property, real dates and correct contact details, making their messages sound like routine customer service.

Booking.com is urging guests to be on high alert for phishing attempts.

It stresses that it will never ask customers to share card details by email, phone, WhatsApp or text, nor request bank transfers that differ from the payment instructions in the original booking confirmation.

Do you use Booking.com? Let us know in the comments