How to prevent unauthorized use of your account

If you suspect that your account has been accessed by an unauthorized party, receive an unrecognized ‘new sign-in’ email, or observe unrecognized changes to your account, your account may have been compromised. 

What does it mean for you?

Your Booking.com Extranet account has valuable information that fraudsters may try to target, such as personal information & payment details from guests. If you provided your credentials to an unauthorised 3rd party, there may be signs which signal that your Booking.com Extranet Account may have been maliciously accessed. These signs may include:

  • Guests receiving messages or phone calls asking for payment which do not originate from you.

  • Unrecognised changes in your property details (contacts, rates, availability, content, etc.).

  • Notification emails from Booking.com stating that your account was accessed from a new, unrecognized location.

What can I do to stay safe?

There are several ways in which you can protect your Booking.com account:

Never re-use passwords. Re-using your password for different services provides attackers with a greater chance that they will be able to access your account. For example, let’s say you use the same password for another website & Booking.com. If the other website suffers a data breach, attackers will then try to ‘validate’ these credentials on other platforms.

Password strength. It is highly recommended that when creating a password for your account, you bear in mind the following:

  • Minimum length should be 10 characters.

  • Your password should have mixed characters containing upper & lowercase letters, numerical, & special characters.

  • Does not contain any additional sensitive information which can be easy to guess such as name, email address, date of birth.

Make sure you always visit https://admin.booking.com. You can be sure that you’re providing your credentials on our website by checking for our certificate:

Image
certif.png

Note: The expiry date may differ as the certificate is renewed

I think my account has been maliciously accessed. What can I do now?

Follow these steps to secure your account:

  • Reset your email account password first, then your Booking.com account password. To reset your Booking.com account, you can do so by visiting Booking.com, clicking ‘Sign in,’ then clicking on ‘Forgot your password?’

  • Are you able to sign in to your account? Check all the information within your account to see if anything was changed (personal information, preferred language, reservations history).

  • Report it! We ask that you contact Booking.com immediately to let us know that your account may have been compromised. In order to help you and your guests as quickly as possible, your contract with Booking.com requires you to notify an actual or suspected account take-over within 24 hours. 

You can do this by contacting our security team here:

Report a security issue

Don’t forget to include all relevant details, such as suspicious new details in your account or suspicious charges on your credit card.