Accommodation provider got hacked - are my credit card details secure?

Forums › Travel (planes, train, cruise) › Accommodation provider got hacked - are my credit card details secure?

Lightbulb

119 posts

Master Geek
+1 received by user: 10

ID Verified

Lifetime subscriber

#306844 26-Aug-2023 18:35

I've had an interesting experience when booking accomodation in London using booking.com

I won't name the place, but about a week after I successfully booked the accommodation, I received an email from booking.com saying that I had a new message from the email provider. As usual, the message appeared in the body of the email and was as follows (i've partially obscured the link):

Naturally I was suspicious and wasn’t going to click the link. I assumed it was a scam but decided anyway to log into my booking.com account. To my surprise, I found the same message from the accommodation provider.

I still wasn’t going to click the link, but instead messaged the accommodation provider and, yes, after some investigation at their end, I received a reply to the effect that they had been hacked.

This got me thinking a bit more, fearing that someone could have got hold of my credit card details. In particular:

How does booking.com handle credit card details

Are they held securely

Importantly, do the accommodation providers know the details of the credit cards

How is the CCV treated

Same comments apply I suppose to lots of other booking sites

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3120683 26-Aug-2023 22:07

I wouldn't do it. If the provider was hacked, the scammers could easily get into booking.com using their credentials.

From there they could try to get more stuff from your card and knowing you would get a notification, ask for the code - bypassing 2FA.

If you can, call the provider and ask if that message is real. Do not click any links. I'd recommend cancelling the card too.

I don't know if booking.com passes your card details but better be safer than sorry.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

#3120685 26-Aug-2023 22:47

@freitasm - maybe change the title as booking.com hasn't been hacked from the looks of this.

This looks more like a scam listing, where you have booked with them and now they are trying to steal money from your credit card.

Similar to selling a car you don't actually own.

I beat if you did a reverse image search of the photos you'll find they are from somewhere else.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#3120686 26-Aug-2023 23:16

I wouldn't touch those links with a 50-foot pole. It's possible the accommodation provider has been hacked as MF has stated, and then used those credentials to try and contact their customers to try and trick them into providing funds.

Assume no communication with them is actually with *them*. Open a support case with Booking.com and let them deal with it.

The wording on that looks dodgy and the start of the link looks suspicious. No matter how worried you are, do not click it, and especially, don't provide your CC details.

URX1.com Whois:

Expires On2024-07-23
Registered On2023-07-23
Updated On2023-07-23

Avoid!

Handle9

11924 posts

Uber Geek
+1 received by user: 9675

Trusted

Lifetime subscriber

#3120691 27-Aug-2023 01:46

mentalinc:
@freitasm - maybe change the title as booking.com hasn't been hacked from the looks of this.

This looks more like a scam listing, where you have booked with them and now they are trying to steal money from your credit card.

Similar to selling a car you don't actually own.

I beat if you did a reverse image search of the photos you'll find they are from somewhere else.

Nah, it’s relatively common for accomodation providers to have their login details compromised. Most of them are small businesses and not exactly secure in their passwords etc.

I had it happen a couple of months ago with a booking, I contacted the accomodation provider and they confirmed it was bogus.

mentalinc

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

#3120702 27-Aug-2023 07:54

Agree, but the title has been changed since I posted, originally it made it sound like booking.com itself had been compromised (compared to a person/small company on the platform)

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

Lightbulb

119 posts

Master Geek
+1 received by user: 10

ID Verified

Lifetime subscriber

#3120715 27-Aug-2023 09:06

An update:

First, this is definitely not a scam listiing. It's a relatively well known institution.

I asked the accommodation provider (AP) whether they held the held my card details. They replied, reiterating not to click the link (which I have no intention of doing), that they have no access to the actual card details; all the AP can do is request payment from my card to their nominated bank account.

I think that this is likely to be correct, although as Mauricio has suggested, that does not stop someone trying.

I'm really loathe to cancel my card. It's a UK HSBC debit card and I really don't want to go through the inevitable tortuous HSBC process of getting a new one whilst I am in NZ. It's only linked to a cheque account fed from time to time when required by my HSBC savings account

I wish I had used my Wise virtual card!!!