I was scammed via booking.com

Given that the message was sitting in my booking.com profile inbox I am convinced booking.com is compromised but they won't admit it as their business will take a huge hit. Other stories online suggest the same.
I'm pretty sure it's not booking.com themselves compromised but the hotel. Booking.com provides a messaging channel from the hotel to you that's why it's in your inbox in the site, but it's the hotel's side of that channel that has been hacked.
 
I was a happy customer of booking.com for years, I have probably spent five figure via their platform.

Last year I had a really bad experience with an apartment which was basically filthy. After going through all the complaints all I got was a 10% voucher. I haven’t used them since.

It looks like booking.com scaled up massively and their customer service and fraud monitoring just hasn’t kept pace.
 
Thanks for the heads-up on this, Brendan and others that have had similar experiences.

I dealt with booking.com with no issues on numerous occasions circa 2020. I am another that prefers booking with hotels directly in general but the deals were better on booking.com (at least back then) plus the convenience frankly. I haven't used them since 2020 or possibly 2021 so can't comment on recent experiences. Does look as though they have an issue.
 
Not at all. I had tried to book the hotel directly and it was cheaper on booking.com or maybe it was the same price with free cancellation.
Yes for me this is a regular occurrence. Despite the hotel saying that they offer the best price if you book direct you often find that booking via Booking.com can be cheaper. I waste my time contacting the hotel to ask them why is this the case. You find that in a few days the hotel prices have changed. It annoys me that I have alerted the hotel to this and wonder why they can't be bothered to do it themselves.

I have booked for Lisbon for March. I contacted a hotel and they were doing me a special offer that was actually more expensive than Booking.Com. I responded to them about this and all that they said was that Booking.com do special offers from time to time or if you become a Genius member. The hotel suggested to me that I take the price Booking.Com was offering. I didn't and have since booked another hotel near the one that were not interested in me.
 
If the hotel's Booking.com account was accessed and taken over by scammers then I wonder how they managed to do this if such access required the account username/password AND a two factor authentication PIN sent to a secure device in the account holder's possession?


 
@ClubMan

Hotels have high turnover and many staff most of whom are not very well paid. Hotels also are unregulated for cyber risk to my knowledge

I would expect hotels to be an order of magnitude more vulnerable to a hack than something like an insurance provider.

But really booking.com should have better scam detection techniques given how widely their platform is used.
 
I'm on holidays right now having used booking.com. I'm pretty sure my card details are saved by them and I need to just add my csv number when booking. This is making me think I should remove the card details.
 
I'm on holidays right now having used booking.com. I'm pretty sure my card details are saved by them and I need to just add my csv number when booking. This is making me think I should remove the card details.
you're probably fine since it's not booking.com getting hacked, it's the hotels themselves

of course the ass-backwards way that credit cards work online is a calamity in and of itself, so the fewer places they are stored the better, and ideally in future making online payments will change more to a model of "here's the money" instead of "here's my wallet, please only take what you should from it, and don't take more in future without my consent"
 
I was booking on Airbnb and used PayPal. Does anyone know if this is safer than using credit or debit cards directly?
 
This kind of system is probably very secure. I’ve had card details stored with big online providers for 20 years and never once had a fraud attempt.

The vulnerability here was in the messaging system used by the hotels.
Agreed as it still uses the bank's 2 factor authentication on the phone.
 
I'm on holidays right now having used booking.com. I'm pretty sure my card details are saved by them and I need to just add my csv number when booking. This is making me think I should remove the card details.
I never save my card details on any site, no matter what or who they are. Two factor authentication is a security but, as said by other posters, you have to always think of possible scam or fraudulent activity.
 
I was booking on Airbnb and used PayPal. Does anyone know if this is safer than using credit or debit cards directly?
I don't see anything about PayPal that makes me consider it more or less secure. Credit cards at least come with insurance if you can demonstrate fraud; neither debit cards or PayPal have this.


This kind of system is probably very secure. I’ve had card details stored with big online providers for 20 years and never once had a fraud attempt.

The vulnerability here was in the messaging system used by the hotels.

Have a look at https://haveibeenpwned.com/ and see if your email has been involved in any data breaches. I've found mine in a few going back many years, including some where credit card details could have been part of the breach. I've usually never heard from the data service providers involved that they had been breached.
 
Is there any come back here where scammers have gained access to the hotels credentials for booking.com? In my case I received a message from the App and an email from a Trusted (according to their website) Booking.Com domain. I proceeded to verify my details the night before the booking. I approved an amount of €364 against Booking.Com on my bank app. When the amount hit my card it was against a Mobile Phone company in France.
Hotel are blaming booking.com and booking.com are blaming the hotel. Credit card company won’t refund as I approved the transaction. Booking.com are drawing out the process of investigating and won’t answer my emails. Can I take them to court for failing to secure my data?

Any suggestions?
 
A disgruntled former staff member might misappropriate the hotel's Booking.com account username and password but what about the 2FA device also needed in order to log in?