























Booking.com confirms hack.
NurPhoto via Getty Images
With more than 6.8 billion guest arrivals since 2010, Booking.com is undoubtedly one of the biggest online travel agencies. This makes it a target for hackers, and the company has now emailed users that “unauthorized third parties may have been able to access certain booking information associated with your reservation.” While confirming the data breach, Booking.com also stated that affected users’ PIN codes have been changed, and urged caution regarding potential phone calls or emails from threat actors. Here’s what we know and what Booking.com has said so far.
ForbesAdobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update
Hack attacks targeting the travel industry and its users are not new. Most often, these will involve phishing campaigns such as the ‘I Paid Twice” attacks that hit hotel booking system last year. While this used a fake Booking.com page to launch a ClickFix credential theft attack, the real Booking.com found itself front and center in this newly confirmed security incident.
At this point, there is very little additional information about the nature of the attack itself. A Booking.com spokesperson said, “We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information,” but, perhaps unsurprisingly, did not reveal anything further. What we do know so far is that the company, upon becoming aware of the incident, “immediately took action to contain the issue,” according to the breach notification email, and updated any booking reservation PIN codes associated with affected users.
The number of affected customers is unknown at this stage, but Keven Knight, CEO of Talion, told me that “given that Booking.com is the largest and most widely used travel agency site in the world, this could turn out to be a sizable attack.” Especially as it might not be over, in terms of how threat actors monetize the situation. Armed with genuine Booking.com contact information, and holiday reservations, Knight warned that “victims are still at risk of phishing, and these communications could be highly tailored given the attackers know about the previous holiday bookings.”
I would recommend that all Booking.com users, not just those who have received a data breach incident notification, be highly alert for any emails, messages or phone calls purporting to come from either the travel agency itself or associated hotels and services that request financial or personal data and under no circumstances should you click any links that are provided. Always go directly to the company’s website in your web browser and use a known address. Check your account in the normal way and contact customer support using known methods on the actual website for more help.
ForbesHackers Give Rockstar Games Until April 14 To Pay For Stolen DataBy Davey Winder此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。