London: Cybersecurity researchers have warned people about a new scam that is targeting Booking.com customers by posting advertisements on the Dark Web, asking for help finding victims. Hackers are targeting accommodation listed on the platform to impersonate staff members.
The scam, investigated by cyber-security firm Secureworks, involved deployment of the Vidar infostealer to steal a hotel's Booking.com credentials.
Access to the Booking.com management portal allows the threat actor to see upcoming bookings and directly message guests, according to cybersecurity firm Secureworks. Booking.com has not been hacked but hackers have devised ways to get into the administration portals of individual hotels which use the service.
Hackers are offering $30 to $2,000 per valid log with additional incentives for regularsuppliers. According to reports, hackers appear to be making so much money in their attacks that they are now offering to pay thousands to criminals who share access to hotel portals.
