Photo/Illutration A hotel received this email from someone pretending to be a customer with a reservation. After downloading a file that was disguised as containing requests from a doctor, the hotel’s PC became infected with a virus. (Tatsuya Sudo)

Hackers breached Booking.com, one of the world’s largest online accommodation reservation sites, by posing as hotel staff to steal credit card information from travelers making bookings.

Phishing scams like this have plagued Japan since May.

The headquarters of Booking.com in the Netherlands conceded the damage is occurring on a global scale.

After learning that the stolen card information could have been used to illegally make purchases, the company said, “it is working to recover the money for the affected customers.” The company also emphasized that it has not experienced any breaches of Booking.com’s back-end systems or infrastructure.

Booking.com’s website and app require hotels and travelers to use their own IDs and passwords for access.

According to the company, as well as reports from multiple domestic hotels provided to The Asahi Shimbun, the phishing scam began after someone pretending to be a traveler sent an email written in English to the hotels.

The email contained a link that, once clicked, triggered a virus infection, allowing the hacker to fraudulently obtain hotel IDs and passwords when accessing Booking.com.

The hackers then used these credentials to gain unauthorized access to Booking.com and sent messages to travelers pretending to be hotel staff.

The messages falsely claim that “advance payment is required,” and then force travelers to enter their credit card number and other details into a fake site that resembles Booking.com to steal the information.

20231112-booking2-L
This message was sent from the official Booking.com app to a customer who made a hotel reservation. When the customer replied with the payment method, the person received a link directing them to a phishing site.

As of Nov. 3, at least 68 hotels in Japan reported they had been targeted. The stolen information mainly concerned foreign visitors, the hotels said.

The security company LAC Co. analyzed the virus sent to the hotels and found that Russian hackers are involved.

A Booking.com representative told The Asahi Shimbun that similar cyberattacks occurred in Europe around November last year which then spread worldwide.

The attacks coincided with the lifting of travel restrictions due to the COVID-19 pandemic and the increase in international travel.

The company did not reveal the scale or amount of estimated damages but said some of the 6.6 million facilities that use Booking.com were compromised.

As a rule, financial institutions and the police rely on victims of phishing scams to contact their credit card companies first.

The hotels that provided reports to The Asahi Shimbun said they had advised affected customers to contact their credit card companies as well as Booking.com.

Related News