HACKERS HIT POPULAR TRAVEL PLATFORM - ALARM FOR NAMES, EMAILS AND PHONES OF USERS - Filenews 16/4
Alarm for Booking.com users after a data breach that allegedly gave hackers access to personal information and booking information, paving the way for targeted phishing attacks.
As reported by the BBC, customers of the platform complain that they are already receiving suspicious messages, as the fraudsters seem to have gained access to names, emails, phone numbers, but also details of past and upcoming bookings. For its part, the Netherlands-based company informed that it has sent warning emails to affected users, but did not specify their number or the affected areas.
According to the same medium, the Booking.com's update states: "We recently identified suspicious activity that affected a number of bookings and immediately took action to contain the incident." The company claims that no customer financial data has been leaked.
Cybersecurity experts warn that this data is particularly valuable for scammers, who attempt to exploit unsuspecting travellers.
Norton characterizes these attacks as "reservation hijacks", as the perpetrators pretend to be accommodation representatives and communicate with Booking.com customers, trying to extort money from them citing non-existent problems with reservations.
What are reservation hijacks?
"Reservation hijacks are nothing new, but recent data makes them more dangerous by allowing criminals to use accurate information - such as the actual accommodation, travel dates and contact information - to make the scam look like legitimate customer service," says Norton expert Luis Corrons.
The Booking.com urges its users to be especially cautious of possible phishing attempts, clarifying that "it will never ask for credit card details via email, phone, WhatsApp or SMS, nor will it request a bank transfer beyond the conditions stated on the booking confirmation".
Barrage of attacks on Booking
This is not the first time the platform has been targeted by hackers. As the BBC notes, as early as 2023, incidents of hotel account hacking were recorded, through which messages were sent to customers with payment requests.
However, the new breach seems to be a game-changer, as fraudsters no longer need to access accommodation accounts: they can reach customers directly, using real evidence, significantly increasing the likelihood of fraud.
