Booking.com Hit By Data Breach

Booking.com says hackers accessed customer reservation data in a breach that may have exposed booking details, names, email addresses, phone numbers, addresses, and messages shared with accommodations. PCMag reports: On Sunday, users reported receiving emails from Booking.com, warning them that "unauthorized third parties may have been able to access certain booking information associated with your reservation." The email suggests the hackers have already exploited customer information.

"We recently noticed suspicious activity affecting a number of reservations, and we immediately took action to contain the issue," Booking.com wrote. "Based on the findings of our investigation to date, accessed information could include booking details and name(s), emails, addresses, phone numbers associated with the booking, and anything that you may have shared with the accommodation."

Amsterdam-based Booking.com has now generated new PINs for customer reservations to prevent hackers from accessing them. Still, the incident risks exposing affected customers to potential phishing scams. The Australian Broadcasting Corporation and several Reddit users say they received scam messages from accounts posing as Booking.com.

Surprised?

[SumDog]

I interviewed for Booking back around .. 2016 I think? Everything was written in Perl. There were no plans to move to anything else. There were very few tests. Developers often pushed straight to production. The recruiter mentioned all of this up front, which was the only positive thing. I'm honestly surprised it's taken this long for there to be a data breach. The place sounded like a shit shop.

Re:Surprised?

[dskoll]

Perl itself is neither here nor there with respect to security. But lack of tests and pushing straight to production... those are WTFs.

Re:Surprised?

[higuita]

perl directly is not a issue, as long you understand what it is doing. Just because is not a hyped language anymore, it still works very well
No tests and push to prod are a problem.

About the hack, i have 4 reservations, yet i only received notification about one of them, that is strange. I have both older and newer reservations of that affected. Maybe it was just the interconnect with other platforms (airbnb? other house renting service?)

Re:

[Anonymous Coward]

Everything was written in Perl.

Perl really isn't that bad. I'd rather use a site written in Perl than Next.js [bleepingcomputer.com] for example.

hacking.com

[suso]

hacking.yeah

Booking contact support sucks

[cristiroma]

Three weeks ago I did a reservation booking and immediately received a message from the "host" to pay for the room within the next 12 hours with a link leading to a booking.com clone website asking card details. It look really legit, except one strange message: "If you don't remember the sum to pay, just enter 350€". Even Google chrome detected this as scam and shown the red warning screen about the site being a phishing danger.

I've reported this issue to customer support (cloned site, screenshots) and their answer was "If you are not comfortable about entering your card details you can try to contact the property directly using their phone number". I wonder how it could have helped?

Lucky I could cancel the reservation without any penalty and I'm really thinking not to use booking in the future. They take the commission but can't even make a simple check about a property which is obviously a scam ...

Very unprofessional.

Re:

[Zocalo]

The issue here might be that the hotel is legit, but their internal reservation system has been compromised. They get the booking.com confirmation, enter it into their system to assign you the relevant room, and the scammers use that info to try and stiff you. The scammer has your details, and combined with the fact that it's a fresh booking, a made up request for some clarity/additional confirmation followed by a request for money is going to press all the buttons for an almost perfect phish.

It appare