Booking.com Faces Global Cybersecurity Threat: Reports of Data Breach and Phishing Scam

A cyberattack on Booking.com has been reported, causing widespread concern over the safety of hotels partnered with the organization. The Booking.com cyberattack has reportedly affected hotels in various countries. 

The attackers, masquerading as travelers, have been deploying a sophisticated phishing scam, compromising hotel computers and extracting Booking.com credentials.

Booking.com has confirmed the involvement of hackers in a wide scale phishing campaign and have denied any data breach of backend systems or the organization’s infrastructure.

The modus operandi in this Booking.com cyberattack involves sending infected emails to hotels under the guise of reservation requests. Once these emails are opened and their malicious contents downloaded, a virus infiltrates the hotel’s systems. 

This breach exposes sensitive Booking.com login details, enabling hackers to impersonate hotel staff. The fraudulent messages then target guests with claims requiring advanced payment and soliciting credit card information.

Booking.com cyberattack, phishing scams and more

The Booking.com cyberattack initially surfaced in Japan but is now believed to be part of a larger, orchestrated operation by a prominent threat actor.

In a conversation with TCE, a spokesperson for Booking.com confirmed that several hackers are committing these phishing attacks to partners and travellers associated with Booking.com.

“The current situation is not an isolated incident and phishing attacks and online fraud continues to be a pressing issue across many sectors, including the travel industry. we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and our customers, who can fall victim to professional scammers”, reads the company statement.

According to Asahi.com, this chain reaction of cyberattack on Booking.com began in Japan when a hotel fell prey to an email from a faux customer, initiating the breach when a disguised file, posing as a medical request, was unwittingly downloaded.

In response to the Booking.com cyberattacks, the organization acknowledged this strange phenomenon of cyberattacks and has assured affected customers that efforts are underway to recover funds lost due to unauthorized purchases made with stolen card information.

Highlighting the extent of the breach, reports as of November 3 reveal that at least 68 hotels in Japan reported being targeted.

The compromised information primarily pertains to foreign visitors. Security firm LAC Co. analyzed the virus involved and identified Russian hackers as the perpetrators.

Cyberattack on Booking.com: Threat actor still unknown

Booking.com, a platform hosting 6.6 million facilities globally, mandates the use of individual IDs and passwords for access to its website and app.

The phishing scam typically initiates with a traveler receiving an email in English, containing a deceptive link. Clicking on this link triggers the malware, allowing hackers to illicitly acquire hotel credentials when accessing Booking.com.

The cyberattacks are not isolated incidents, as Booking.com acknowledged similar occurrences in Europe around November of the previous year, with subsequent global ramifications. These incidents coincide with the relaxation of travel restrictions amid the COVID-19 pandemic, contributing to an upswing in international travel.

As the situation unfolds, concerns about the scale of damages persist. The Cyber Express reached out to Booking.com for an official statement or response regarding the Booking cyberattack. Booking.com confirmed the mass phishing attacks and have shared “practical tip” for the customers: 

• Set up a two-factor authentication for your Booking.com account.

• Carefully check the payment policy details outlined on the property listing page and in the booking confirmation. If a property appears to be asking for payment outside of what’s listed on their confirmation, reach out to our 24/7 customer service.

• Remember that no legitimate transaction will ever require a customer to provide their credit card details by phone, email, or text message.

• Utilize Booking.com’s Trust and Safety Resource Center for information on how to stay safe online and report potentially suspicious activity.

In light of these events, travelers and hoteliers are urged to exercise heightened caution and remain vigilant against potential phishing attempts. Regularly updating passwords and staying informed about cybersecurity best practices is paramount to mitigating the risks associated with such cyber threats.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.