Hoteliers and their customers are being targeted by cyberattacks aimed at their interface with the Booking.com reservation platform, the GNI, the employers’ union of the hotel and catering industry, warned on Friday. It urges affected professionals to disconnect from the site, warn their customers and file a complaint.
Since the end of December, cybercriminals have used targeted phishing techniques to take control of certain professionals’ interface with Booking.com and have sought to extort payment data from Internet users who have used the platform, the GNI warns in an email to its members.
These messages invite hoteliers to click on a link containing a file that infects their PC with viruses that capture passwords, allowing hackers to modify the “brand name, (the) contact details, rooms and prices” of establishments.
The hackers also pose as the hotel to its customers, making contact either via Booking.com messaging or via WhatsApp, to invite them to click on a link and provide their bank details.
“We don’t know where the security breach comes from, hoteliers or Booking, but the cybercriminal manages to enter the hotelier’s messaging system and recover the information,” Véronique Martin, director of the Europe and digital department at the GNI, told AFP.
“Hoteliers must file a complaint and customers too, which will make it possible to assess the extent of these attacks,” she said, adding that she had “identified a dozen Parisian hoteliers targeted” by them. “But this is certainly only the tip of the iceberg. We must avoid it spreading throughout France, or even in Europe,” said Ms. Martin.
Parisian hotelier Fabienne Ardouin, who manages the France Albion and Helussi hotels, identified “23 cases of phishing from customers, five of whom clicked on the link and gave their credit card information to hackers”, she told AFP.
“I immediately cut my connectivity with the site: I no longer have rooms for sale on Booking.com, I have been losing turnover for a week”, says the hotelier who chairs the Digital Commission of the GNI.
Alerted, the platform remained silent, she continues: “My account manager has just told me that they were still looking”.
The GNI has referred the matter to the cybermalveillance.gouv.fr platform and alerted the Fraud Repression and the Cnil about “the lack of support from Booking.com in this security breach”.
For Gérôme Billois, cybersecurity expert from Wavestone, “hacks of this kind on platforms are extremely common”, with an “increase in quality”: “hackers manage to obtain the identifiers and passwords using very well done scripts”.
He calls on the platforms to “put in place procedures to react very quickly” in the event of a cyberattack.
Asked by AFP, the platform affirms that “the security breach does not come from Booking.com” and assures that “the accounts concerned were quickly locked”, and that “the travelers potentially concerned had been informed.”