The cyberattack on Booking leaves travelers without accommodation in high season

Experts warn that stolen data is being used for scams, some tourists discover upon arrival that their room is no longer available

Dos turistas llegan con su perro a su hotel. Reservas. Recepción.
Dos turistas llegan con su perro a su hotel. Reservas. Recepción.

Months later of the cyberattack suffered by Booking.com which occurred last April, cybersecurity experts warn that the consequences are beginning to emerge in the middle of the holiday season.

The platform confirmed then the unauthorized access to personal data and reservation details of some users, information that would now be being used by criminal groups to commit targeted fraud.

According to industry experts, the real impact of a leak usually arrives months later. With names, phone numbers, emails, and reservation details in their possession, cybercriminals can impersonate the hotel or the platform itself to request additional payments, modify information, or generate incidents that the traveler discovers when they are about to travel or even upon arrival at their destination.

 

From cyberattack to problems during vacation

"The difference compared to other fraud campaigns is that the criminal knows real details of the trip. They know where you are staying, when you are traveling, and even the amount of the reservation. It is very difficult for the user to suspect that they are a victim of a phishing attack," explains Sergio García, manager of the technology company i3e.

The company warns that these scams can go beyond financial loss. In some cases, travelers find themselves with modified or canceled reservations, or with discrepancies between the information they have and what is listed at the establishment.

"The worst-case scenario is that the user discovers the problem upon arrival. After hours of travel, they may find that their reservation does not appear, has been modified, or there is no availability. In the middle of high season, resolving such a situation can be very complicated and costly," points out García.

Added to this is the complexity of subsequent claims. When third parties who have taken advantage of data obtained in a leak intervene, determining responsibility is not always easy, and many affected individuals are forced to bear additional expenses for accommodation or travel while the incident is resolved.

 

How to avoid being left without a room and without money

Given the increase in these cases, specialists recommend verifying the status of the reservation directly with the accommodation a few days before the trip and distrusting any communication that requests additional payments outside of official channels.

"If we receive an email or message requesting an urgent transfer or the update of bank details, we must be suspicious, even if it includes real information about our reservation. Direct verification with the hotel remains the best protective measure," states García.

Experts also advise keeping payment receipts and reservation confirmations, as well as contacting the establishment again within 48 hours before the trip. "The leak has already occurred and the data is circulating. The important thing now is to prevent that information from turning into a fraud capable of ruining a vacation," concludes the manager of i3e.