Get advice to attract guests

Our data shows almost 50% more searches for this high season compared to last year. Grow your bookings with our guide. 

Get more advice

Preventing unauthorised use of your account

Updated 3 days ago | 4 min read time
Save

If you suspect that your account has been accessed by an unauthorised party, have received an unrecognised ‘new sign-in’ email or have observed unrecognised changes, your account may have been compromised. 


What’s in this article:


Recognising signs of unauthorised use

Your Booking.com extranet account has valuable information that fraudsters may try to target, such as personal data and payment details from guests. If you provided your credentials to an unauthorised third party, you may spot signs that your account had been maliciously accessed. These signs may include:

  • Guests receiving messages or phone calls asking for payments that do not originate from you
  • Unrecognised changes in your property details (contacts, rates, availability, content, etc.)
  • Notification emails from Booking.com stating that your account was accessed from a new, unrecognised location

Protecting your account from unauthorised use

There are several ways in which you can protect your Booking.com account:

  • Don’t reuse passwords. Re-using your password for different services allows attackers to easily access your account. For example, if you’re using the same password for Booking.com and another website and that website suffers a data breach, attackers might try to use these credentials to access your Booking.com account.
  • Choose a strong password with at least ten characters that contain uppercase letters lowercase letters and numerical and special characters. Your password shouldn’t contain any sensitive information that can be easy to guess such as name, email address or date of birth.
  • Make sure you always log in using this page. You can verify that you’re entering your credentials on our trusted website by checking our SSL certificate details. To do so, follow the steps below.

In Chrome: 

  1. Click the lock icon in your browser’s URL bar
  2. Click Connection is secure and Certificate is valid 

In Safari: 

  1. Click the lock icon in your browser’s URL bar 
  2. Click Show Certificate 

In Firefox: 

  1. Click on the lock icon in your browser’s URL bar 
  2. Click on Connection secure then More information

The SSL certificate should include the following information:

  • Issuer name: DigiCert Inc
  • Subject name: Booking.com BV
  • The mention: This certificate is valid

Securing your account after it has been maliciously accessed

To secure your account, follow the steps below:

  1. Reset your email account password.
  2. Reset your Booking.com account password. To do so, go to the extranet sign-in page, click Having trouble signing in? then click Forgot your password?. Enter your username and click Send reset link.
  3. Once you have signed in to your account, check all your information to see if anything has changed (personal information, preferred language, booking history).
  4. Report the infringement by contacting us immediately to let us know that your account may have been compromised. To help you and your guests as quickly as possible, your contract with Booking.com requires you to notify an actual or suspected account take-over within 24 hours. You can do this by reporting the issue to our security team.

Don’t forget to include all relevant details, such as suspicious new details in your account or suspicious charges on your credit card.

Is this article helpful?