Cyber attackers have launched a phishing campaign which attacked the Booking.com partner hotels and then their customers whose information was illegally obtained. As per the report from The Sun on June 3rd, the users received message via WhatsApp and text messages notifying them to change their passwords following a supposed security breach. The message was accompanied by a malicious link which on clicking made the victims give their opponents access to their bookings without their knowledge.
The users then received an additional message urging them to send an advance payment for their booked vacations to a bank account that belongs to the cyber criminals. These messages looked like they were from the real authorities as it included stolen personal information such as names, addresses, phone numbers, dates, booking prices, and reference numbers.
Booking.com said to The Sun that the information was obtained by breaching certain hotels that it works with via a portal website separate from the travel company’s main systems.
Booking.com spokesperson told the Independent that there was no compromise on Booking.com systems and that a small number of properties have been targeted by phishing emails sent by cyber criminals and by clicking on those emails, the properties compromised their accounts. The guests who have been affected has been notified and since they value their customers they are supporting the impacted guests to compensate for any losses occurred and reclaim those from the property.