Economy

A 20-year-old Spanish hacker was arrested Wednesday after allegedly exploiting a vulnerability in online payment systems to stay in luxury hotels for as little as one euro cent per night, Spanish police announced.

The individual, whose name has not been released, allegedly modified the transaction validation process when making reservations through a prominent international online payment platform. This allowed the system to authorize payments for significantly reduced amounts, according to a statement from the Spanish National Police.

The scheme came to light when the hacker was apprehended while staying at a high-end hotel in Madrid, having booked a four-night stay valued at 4,000 euros but paid a fraction of the cost. Authorities believe the suspect had repeatedly used the method, causing an estimated economic loss of over 20,000 euros to the hotels.

“The cybercriminal” selected the online payment option and then altered the transaction validation process, enabling the system to approve the booking after entering only one cent, police detailed in a press release. This method of operation, authorities stated, had not been previously detected.

Beyond the reduced room rates, the hacker as well allegedly consumed items from hotel minibars without paying, further contributing to the financial damage. The investigation is ongoing and authorities are working to determine the full extent of the fraudulent activity and whether other hotels may have been affected.

The case highlights potential vulnerabilities in online payment security within the hospitality industry. Police have not released details about the specific platform exploited, citing the ongoing investigation.

A message displayed on the NordVPN website Wednesday directed users to disable the service or configure “split tunneling” after the site experienced issues with bot detection. The message, appearing in multiple languages including English, Dutch, and French, offered support for further assistance.

The disruption comes as virtual private networks (VPNs) are increasingly scrutinized for their impact on online services. While VPNs enhance privacy by encrypting internet traffic and masking IP addresses, they can also interfere with security measures employed by websites and applications. Split tunneling, a feature offered by many VPN providers, allows users to route specific applications or websites outside the encrypted VPN tunnel, while directing other traffic through it.

According to PCMag, split tunneling addresses compatibility issues that can arise when using a VPN. Some platforms, such as banking services and streaming platforms, may not function correctly with the encryption a VPN provides. By selectively bypassing the VPN for these services, users can maintain access while still benefiting from the VPN’s security features for other applications.

The feature works by allowing users to choose which programs connect directly to the internet, foregoing encryption. This can be particularly useful for latency-sensitive applications like online gaming, where even slight delays can impact performance. As noted by CNET, split tunneling essentially enables the simultaneous employ of two network connections: one secured by a VPN and one that is not.

NordVPN offers three types of split tunneling: inverse split, app-based split, and URL-based split. Inverse split tunneling is considered the most secure, allowing only trusted programs to connect directly to the internet. App-based split tunneling filters traffic from selected applications through the VPN, while URL-based split tunneling allows users to exclude specific web addresses from VPN protection.

However, the effectiveness of split tunneling has been questioned. A recent post on Reddit detailed user experiences with NordVPN’s split tunneling feature, reporting consistent failures. While the cause of these failures remains unclear, it highlights potential reliability issues with the technology.

VPN Analysis reported that configuring a VPN to route only game traffic through it, while allowing other apps to use a regular connection, can reduce strain on the VPN and potentially resolve issues with bot detection. This suggests a possible connection between the NordVPN disruption and the load on its servers.

Norton VPN currently offers split tunneling as a feature, allowing users to access content and maintain privacy. Surfshark refers to its split tunneling feature as “Bypasser.” Not all VPNs offer split tunneling, and availability can vary across platforms, with limited support on macOS and iOS.

The mayor of Saint-Antoine-de-Tilly, Christian Laroche, and municipal councillor Jean-Yves Perreault resigned on Tuesday evening, February 17, 2026, following weeks of escalating tensions with residents over a significant property tax increase. The resignations prompted the cancellation of a regularly scheduled council meeting due to a lack of quorum, according to a statement posted on the municipality’s Facebook page.

The catalyst for the current crisis was a 17.1% average increase in property taxes adopted by the municipal council in January. Citizens voiced their concerns and frustrations on social media, questioning the rationale behind the increase, according to reporting from TVA Nouvelles and Le Soleil. The discontent quickly evolved into what remaining councillors described as “disrespectful” and “mesquin” behavior directed towards elected officials.

In a joint statement released by the remaining members of the council, they detailed a deteriorating climate marked by personal attacks and a departure from constructive public debate. “Some citizens have adopted petty and disrespectful behavior towards elected officials, far exceeding the limits of public debate,” the statement read. The councillors lamented the absence of an opportunity to present their vision, stating it was “neither improvised nor imposed.”

The resignations raise concerns about the stability of the municipal government. The statement from the council warned that further resignations could lead to the municipality falling under the administration of the Commission municipale du Québec. The municipality, with a population of 1752, is located in the Lotbinière regional municipal county, approximately 40 kilometers south of Quebec City.

The cancelled council meeting was to have included confirmation of Councillor Perreault’s resignation, as per the published agenda. The municipality has not yet announced plans for by-elections or interim leadership arrangements. As of Wednesday, February 18, 2026, the Commission municipale du Québec has not issued a statement regarding the situation in Saint-Antoine-de-Tilly.