The esteemed online security news site Krebs on Security has published an article regarding a phishing issue on the Booking.com platform. This problem involves fraudulent messages being sent within the Booking.com system to deceive users into providing personal information.
This issue is not new in the online hotel booking industry and has been reported on Thai social networks for quite some time. The modus operandi usually involves hotel guests receiving messages through the system that appear to come from hotel managers, claiming payment errors or requiring additional identity verification. The messages include a link to a phishing website that closely resembles the real Booking.com site, in an attempt to trick guests into entering further financial information.
Booking.com has confirmed to Krebs that this type of problem stems from the hotel’s computer system being compromised (often through malware), with attackers then deliberately exploiting the hotel’s system for phishing, rather than from a hack of Booking.com’s system itself. Booking.com mandates that hotel partners use 2FA login for an added layer of security. The company also says it uses AI to block deceptive messages, approximately 1.5 million times a year as of 2023.
Krebs points out that Booking.com’s policy on mandating 2FA for all hotel partners is unclear, as incidents like these continue to occur. He also highlights the concerning trend of a significant number of hacked hotel account credentials (potentially unbeknownst to their owners) being sold on the dark web.
Source: Krebs on Security
TLDR: Booking.com faces phishing issues as hotel computer systems are hacked to send fraudulent messages within the platform, urging users to disclose personal information. Measures such as 2FA and AI usage are implemented, but concerns remain over the security of hotel partner accounts.