Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - UK
The Guardian - UK
Business
Miles Brignall

More Booking.com customers come forward about scam ‘confirmation’ emails

Customers reveal they have received warning emails from Booking.com
Customers reveal they have received warning emails from Booking.com Photograph: Mateusz Słodkowski/SOPA Images/REX/Shutterstock

Three weeks after Observer Cash revealed that the Booking.com email system had been hacked and that a number of customers had had their credit card details compromised, it has emerged that the website has been sending emails to some customers warning them to cancel their cards. At the same time, others have come forward to say “me too”.

Those affected had either checked in, or were due to check in, to a hotel they had reserved using theBooking.com’s website or app. They had received an email – from the official noreply@booking.com address – warning their stay may have to be cancelled unless they handed over bank card details via an embedded link.

At the time of the original report Booking.com strenuously denied its system had been hacked and, instead, blamed the messages on breaches in the email systems of partner hotels.

This week it emerged Booking.com has been sending out emails warning its customers their card details may have been compromised, although it states this was just where it had uncovered “potentially suspicious activity” on a specific accommodation provider’s account.

Reader IA was contacted this week by the company despite not having made a reservation since June.

The email IA received said: “We recently noticed some suspicious activity from an unknown external device attempting to access certain Booking.com systems, using property logins which may have unfortunately led to unauthorised third parties being able to access your reservation details, including payment card data.”

The company tells Guardian Money that it was aware that “some of our accommodation providers have been targeted by very convincing and sophisticated phishing tactics” which “enables the fraudsters to impersonate the accommodation and communicate with guests via email or messages”.

It says: “We have also been continuously updating and expanding the cybersecurity section of our partner hub to include even more information on malware and phishing.”

In the meantime, the advice is clear: be very suspicious of any emails, or contact, that appear to come from Booking.com or its partner hotels. Don’t follow any account verification links sent out and phone the hotel if asked for an extra payment.

We welcome letters but cannot answer individually. Email us at consumer.champions@theguardian.com or write to Consumer Champions, Money, the Guardian, 90 York Way, London N1 9GU. Please include a daytime phone number. Submission and publication of all letters is subject to our terms and conditions

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.