Booking.com hack
#1
Original Poster
Join Date: Jan 2003
Posts: 4,067
Likes: 0
Received 0 Likes
on
0 Posts
Booking.com hack
Just a heads up for people. When I was in Italy, I received an email purportedly from Booking.com saying that I needed to provide my credit card info so the hotel could do a test charge to make sure the card is active, and if I didn't, my reservation would be cancelled. I know some hotels do this (at least one of mine did), but I was immediately suspicious because Booking already has the info, plus they didn't give the name of the hotel.
I responded, asking for the name of the hotel (of course not giving them any info) and did not hear from them. A couple days later, I received another email, again threatening cancellation.
I contacted Booking, but they weren't able to give me an email where I could forward these emails. I meant to call them when I got home, but I'm afraid I had a lot going on and didn't.
So be careful!
I responded, asking for the name of the hotel (of course not giving them any info) and did not hear from them. A couple days later, I received another email, again threatening cancellation.
I contacted Booking, but they weren't able to give me an email where I could forward these emails. I meant to call them when I got home, but I'm afraid I had a lot going on and didn't.
So be careful!
#2
Join Date: Dec 2006
Posts: 23,323
Likes: 0
Received 0 Likes
on
0 Posts
I'm pretty sure you're describing a hack of the Booking.com system -- a HACK, not a SCAM. I've gotten the kinds of message you describe twice now (different hotels). I reported them to booking.com and was assured that they are working to resolve it. You were right to refuse to send the CC information.
#3
Join Date: Jan 2003
Posts: 34,933
Likes: 0
Received 0 Likes
on
0 Posts
I imagine you can tell by the email address that sent it. That is odd because you can't make a reservation to begin with without giving a credit card. So somehow they hacked in enough to know you had a reservation with booking and your email but not enough to get your CC info. Which is good, I suppose.
#5
Join Date: Dec 2006
Posts: 23,323
Likes: 0
Received 0 Likes
on
0 Posts
I agree that it's not good, except that they can't actually get the CC info. I just wanted to clarify that it's not booking.com's fault -- it may be a scam, but not one by booking.com! Sorry I wasn't clearer in my initial post.
#7
Join Date: Dec 2006
Posts: 23,323
Likes: 0
Received 0 Likes
on
0 Posts
Geez, I can't even spell anymore! "com'slt" should be "com's fault." I agree that it is a scam, SusanP, and suspect (and hope!) that people will figure out what we mean and avoid falling for it. Thanks for mentioning it on Fodor's!
Trending Topics
#8
That same happened to me with the Holiday Inn Express LHR Terminal 4 -- the hotel told me their own system had been compromised (my guess via some breech in the Booking , com system) and there had been a lot of calls from confused guests.
#9
Join Date: Sep 2013
Posts: 969
Likes: 0
Received 0 Likes
on
0 Posts
This does not (necessarily) seem related but I recently got a message from one of my upcoming bookings via Booking where they asked me to confirm it again because of a glitch in their system.
Because I cannot reconfirm without re-booking, I've ignored the message. If they have a glitch, they should be contacting Booking, not me.
Consequently, I was able to book with another property that is highly recommended here and I actually needed to cancel the original property anyway.
After this report, makes me even more suspicious, to be honest.
Because I cannot reconfirm without re-booking, I've ignored the message. If they have a glitch, they should be contacting Booking, not me.
Consequently, I was able to book with another property that is highly recommended here and I actually needed to cancel the original property anyway.
After this report, makes me even more suspicious, to be honest.
#10
Join Date: Dec 2006
Posts: 23,323
Likes: 0
Received 0 Likes
on
0 Posts
I would strongly recommend that anyone who has a problem involving an unexpected communication from booking.com contact them directly. My experiences have been that they are very responsive. They can only address hacks if they know about them!
In the first of my two experiences, the hotel at issue indicated that they believed their system had been compromised and said they had been deluged by concerned guests-to-be. Staff at the hotel involved in the 2nd episode weren't sure what had happened, and also said that they'd had lots of calls from confused people. Neither of my reservations had actually been affected.
From what little I know, my guess is that some entity(ies) have figured out how to hack into the booking system and through that "portal," they've gotten into some of the IT systems of participating hotels. I could be wrong!
In the first of my two experiences, the hotel at issue indicated that they believed their system had been compromised and said they had been deluged by concerned guests-to-be. Staff at the hotel involved in the 2nd episode weren't sure what had happened, and also said that they'd had lots of calls from confused people. Neither of my reservations had actually been affected.
From what little I know, my guess is that some entity(ies) have figured out how to hack into the booking system and through that "portal," they've gotten into some of the IT systems of participating hotels. I could be wrong!
#14
Lots of reasons....ease of booking and cancelling. Clarity on exactly what one is booking. No language barrier. Sometimes better price or cancellation policy.
I often make a month's worth of bookings at once, and it's easier for me to do so using one or two platforms vs contacting each property directly. The property can be contacted via the Booking.com website if one has questions or wants to verify a booking. Same holds true for Hotels.com, Air BNB and VRBO.
I usually compare prices/cancellation policies on booking sites with the accommodation's site (if they have one) and use whichever has the best price/cancellation policy.
I often find apartments on Booking.com that don't have their own site as they're a small business. I'd not have learned about their property at all were it not for Booking.com (or whatever platform they're listed on).
I've had trouble booking apartments in Europe directly...sometimes the owner isn't set up to take credit card payments. Sometimes they'll accept cash on arrival, other times they use a third party system for taking credit card payments, so one doesn't really know who they're dealing with or if the money will be returned in case of cancellation. Sometimes they want a bank transfer, which is expensive and cumbersome. Sometimes they're busy running their business and don't get to their emails quickly.
I have two month long trips to Europe coming up and both were booked using a combination of Booking.com, Hotels.com, Air BNB, and the hotel/accommodation owner.
Just this week I booked a spontaneous road trip here in the US exclusively using Hotels.com. The whole trip was booked in under an hour.
Sure, it's easy enough to book with a property directly if you know where you want to stay, and it's easier to book hotels directly than apartments. But often times, one needs to research various options, and booking sites provide a concise list of properties available for your dates, etc. Booking.com and other booking sites can be a valuable tool.
I often make a month's worth of bookings at once, and it's easier for me to do so using one or two platforms vs contacting each property directly. The property can be contacted via the Booking.com website if one has questions or wants to verify a booking. Same holds true for Hotels.com, Air BNB and VRBO.
I usually compare prices/cancellation policies on booking sites with the accommodation's site (if they have one) and use whichever has the best price/cancellation policy.
I often find apartments on Booking.com that don't have their own site as they're a small business. I'd not have learned about their property at all were it not for Booking.com (or whatever platform they're listed on).
I've had trouble booking apartments in Europe directly...sometimes the owner isn't set up to take credit card payments. Sometimes they'll accept cash on arrival, other times they use a third party system for taking credit card payments, so one doesn't really know who they're dealing with or if the money will be returned in case of cancellation. Sometimes they want a bank transfer, which is expensive and cumbersome. Sometimes they're busy running their business and don't get to their emails quickly.
I have two month long trips to Europe coming up and both were booked using a combination of Booking.com, Hotels.com, Air BNB, and the hotel/accommodation owner.
Just this week I booked a spontaneous road trip here in the US exclusively using Hotels.com. The whole trip was booked in under an hour.
Sure, it's easy enough to book with a property directly if you know where you want to stay, and it's easier to book hotels directly than apartments. But often times, one needs to research various options, and booking sites provide a concise list of properties available for your dates, etc. Booking.com and other booking sites can be a valuable tool.
Last edited by Melnq8; Jul 5th, 2024 at 05:45 AM.
#15
Join Date: Oct 2013
Posts: 8,114
Likes: 0
Received 0 Likes
on
0 Posts
I'm almost certain the hotel's site was hacked, not the site of booking.com. The hotel's database would typically have a notation that the reservation was made through booking.com but they wouldn't have the credit card information. That's why they would send you a phishing email pretending to be booking.com.
#16
Join Date: Jan 2003
Posts: 34,933
Likes: 0
Received 0 Likes
on
0 Posts
oh, that's a good point, I bet you are right. And a lot of hotels might not have as good security as major sites like booking (although they sure aren't immune, all big entities are hacked it seems to me, even places like Social Security Admin).
#17
Join Date: Oct 2013
Posts: 8,114
Likes: 0
Received 0 Likes
on
0 Posts
Anyway, maybe you should contact the hotel and tell them you think they might have been hacked.
#18
Join Date: Oct 2008
Posts: 2,641
Likes: 0
Received 0 Likes
on
0 Posts
This same thing happened concerning a hotel on our past trip. I may have gotten, over the space of two weeks in March, three suspicious emails from the faux Booking.com people. I just kept re-checking my own Booking.com account reservation, which was always confirmed, very sure this was a fraud. Booking.com, the real one, finally sent an email alert about the fraudsters, and the hotel itself sent out an alert. If I recall correctly, Booking.com also had a little notice on their website.
As others have assumed, it was the hotel system itself that was hacked, and the attack never impacted my credit card.
As others have assumed, it was the hotel system itself that was hacked, and the attack never impacted my credit card.
#19
Join Date: Jan 2003
Posts: 34,933
Likes: 0
Received 0 Likes
on
0 Posts
In fact, there were articles on this in various publications this year. There is even one on fodors website in the News section dated Feb 1, 2024. Most people don't even read the news anymore. There is one on bbc.com last December also.