This holiday season, you may want to proceed with caution when booking hotels online. One of the biggest online travel agencies, Booking.com, has come under fire by users who allege that the company isn’t doing enough to protect them from becoming victims of cyberattacks on its app, which has resulted in a massive hit to their wallets.
Users claim that cybercriminals have infiltrated the administration portals of hotels on the Booking.com app, which allows them to send messages to customers, while posing as hotel staff, to trick them into sending them their payment information.
Related: Dollar Tree cyberattack steals personal data from millions, here’s who is affected
Hackers are able to breach these systems by first emailing hotel staff while pretending to be a former guest who left their passport in their room. They include a Google Drive link into the email that they claim contains an image of their passport, but it's actually a malicious link that downloads software onto the staff member’s computer that automatically searches for access to Booking.com.
Once the hacker is able to find access, they can then see customers who have reservations at the hotel and are able to contact and trick them into sending their payment information, according to cybersecurity company Secureworks.
The issue has been prevalent since March, and has affected users in the U.S., U.K., Greece, Indonesia, Portugal, Singapore, Italy, and the Netherlands.
More Travel:
- A new travel term is taking over the internet (and reaching airlines and hotels)
- The 10 best airline stocks to buy now
- Airlines see a new kind of traveler at the front of the plane
"While there is no silver bullet to eradicate all fraud on the internet, our dedicated account security team is always monitoring and stopping new threats, as well as implementing new measures to assure the account security of both our customers and partners," said a spokesperson for Booking.com in an emailed statement.
The spokesperson indicated that it is implementing new security features that would "lock or block inactive partner extranet accounts" which the company claims is where it has seen fraudulent activity take place when hackers get unauthorized access to a hotel's Booking account.
"Furthermore, if we detect suspicious activity on a hotel’s account then we take swift action, including immediately disabling the ability for links to be shared via messages on our platform, to help stop fraudulent requests for payments," said the spokesperson.
Cyberattacks across the country have reached a record high so far this year, and the hospitality industry has become a hot target for cybercriminals as it is a breeding ground for personal data.
For example, hotels harbor sensitive information such as customer names, street and email addresses, payment information, dates of birth and phone numbers, all of which are information hackers can easily make a profit off of on the dark web or use for other nefarious reasons.
A report by Cornell University and FreedomPay found that about 31% of hospitality organizations have reported a data breach in their company’s history, and 89% have been affected more than once in a year.
A high turnover rate of users and employees, vulnerable Wi-Fi networks and easier accessibility to company hardware by guests are some of the factors “that make the hospitality industry’s cybersecurity threat profile especially unique,” according to a new report by software company Trustwave.
“With unique considerations, such as the adoption of contactless technology and the steady turnover of customers and employees, the hospitality industry faces a complex security landscape with distinct challenges,” said Trustwave Chief Information Security Officer Kory Daniels in a press release.
Simplify the pulse of the market landscape with bite-sized intel from the masters. Real Money Pro is your dynamic financial ally, transforming market insights into strategic moves. Start your membership to elevate your portfolio.
