account hack: how it was done and how to protect yourself

Hackers have obtained the login credentials of an unknown number of hotels on By sending emails on behalf of these hotels, guests are being defrauded. has confirmed that hotels on the platform have become the target of a “very credible and sophisticated” phishing attack. The Amsterdam-based rental platform has reported this to the Dutch Data Protection Authority.

The hackers operate as follows: hotels receive an email enticing them to download a file containing malware. This allows them to take over the hotel’s account. Subsequently, the hackers send a message via’s messaging system to future guests of the hotel, claiming there is an issue with their credit card. If a new payment is not made, the reservation is cancelled. Because the emails are sent in the hotel’s name, and the hackers are aware of their victims’ vacation dates, a relatively high number of holidaymakers fall for the scam.

The exact number of hotels that have been targeted is unknown, and is not sharing specific figures. According to Chief Security Officer Marnie Wilking, it affects “only a small fraction of a percent” of the 28 million accommodations registered on the platform. There are numerous stories on Reddit from victims who have lost hundreds of euros in this manner over the past few months.

Booking emphasizes that the hackers have only obtained login information from hotels on the platform and have not breached their own systems. The company’s staff is working diligently “to assist affected partners in securing their systems and supporting customers who may have been targeted,” according to Wilking. states that hotel guests who have been victimized can contact customer service, and the company will help them recover their money.

In recent months, has been warning hotels on the platform about these phishing attacks. They also employ self-learning systems to detect suspicious activities on the platform. “As a result, the impact of such attacks is gradually decreasing,” says Wilking. advises hotel guests to exercise caution when making payments in general and to never share credit card information outside the website.

According to security experts, is engaged in an arms race with online criminals. The method of scammers asking for money on behalf of hotels has been in use for years, but the ways of breaching systems continue to evolve.

Every hurdle you impose on your customers translates into less income. So, the most severe measures are not always used in combating this type of fraud. This is especially true for hotel fraud because it’s often the guests who bear the costs. How much resources is willing to invest depends on how much damage itself incurs.

About the author: Mia Patel

Mia Patel is a investigative journalist with a passion for unveiling the truth behind complex security breaches. With a background in investigative reporting and a knack for meticulous research, Mia has a track record of exposing corporate misconduct, government cover-ups, and online scams.

Related assays

Apple to gather even more biometric data from users

Sarah Thompson

Our troops probably helped refugees to enter the EU, “I’m not going to find out”

Sarah Thompson

Lithuania plays a victim, Lukashenko plays Erdogan

Sarah Thompson

Leave a Comment