2

I keep receiving scam emails from a hotel I booked on booking.com (see Booking.com customers targeted by scam ‘confirmation’ emails — The Guardian). I warned the hotel last week and still get those messages every day. Obviously the security of their devices is compromised and they aren't doing much about it. I am coming tomorrow to this hotel (in Spain), and they are gonna ask me for my passport and other details. I cannot trust that my personal data will be kept safe. What can I do?

To @Berend: my understanding is that hotels get infected by a malicious email attachment and they get their booking.com credentials stolen (https://www.telegraph.co.uk/money/consumer-affairs/booking-customers-details-sold-dark-web-hotels-hacked/). I suppose their device is completely compromised after clicking the attachment.

Pingou
  • 33
  • 5
  • 10
    Who says these mails are sent from the hotel's devices? The article you linked to, talks about a hack at booking.com – Berend Jan 31 '24 at 14:00
  • 1
    Booking doesn't share your email to the hotel, else the hotel can contact you and offer a better deal (saving 40% of booking cut) – Giacomo Catenazzi Jan 31 '24 at 16:46
  • @Berend it's unclear from the linked article where the issue really is. It seems to definitely transit via Booking.com's servers (it even appears in their app), but it may be because a hacker got hold of the hotel's credentials which allow them to communicate with the customer. So the issue may still be at the hotel. That's of course booking.com's version, but without more information it's impossible to say who is at fault. – jcaron Jan 31 '24 at 17:34
  • 1
    @GiacomoCatenazzi While booking.com may not provide the e-mail to the hotel, it looks like they provide a way for the hotel to send e-mail to the customer through their system. – jcaron Jan 31 '24 at 17:35
  • 2
    @jcaron yeah, it's unclear. But in the end, this whole hack story is IMO irrelevant to the question which should have been: Can I trust any hotel (or booking.com) with my personal information? Regardless of a (un)known hack. – Berend Jan 31 '24 at 17:50
  • @jcaron And its certainly not 'obvious', as OP put it, that the hotel's system was compromised – Berend Jan 31 '24 at 17:53
  • 2
    @Berend Given the number of security and privacy breaches (that we know of!) every year you probably can't trust anyone at all :-( – jcaron Jan 31 '24 at 18:02
  • @jcaron: yes, but booking should provide spam filters (and they requires indirect email so that they can control content. For me it is more a problem of booking than of the hotel. I totally agree that we should not trust hotels (OTOH hotels usually do not have own software),but they use well known and robust back-end (used by airlines, etc. so with old rules about security and quality) compared a dot.com company like booking.com. – Giacomo Catenazzi Feb 01 '24 at 07:41

1 Answers1

7

As long as you don't trust the hotel, here are some things you can do to minimize the risks:

  • Make a copy of your passport, strike out all information except name, number and photo. Additionally, you can write across the copy something like "copy for hotel X, at date Y". Give the hotel that copy. Where I live, the government even provides an app that does this for you, for exactly this purpose
  • Don't use your credit card but pay in cash
  • Don't use the hotel's Wifi
Berend
  • 2,860
  • 1
  • 15
  • 24
  • 2
    And remember that the information on which you get the e-mail may have been stolen a while ago and that the situation right now can be different. – Willeke Jan 31 '24 at 15:21