If you think your account was accessed by an unauthorized party, receive an unrecognized "new sign-in" email, or see unrecognized changes to your account, your account may have been compromised.
What does this mean for you?
Your Booking.com Extranet account has valuable info that scammers may try to target, such as personal info or guests' payment details. If you provided your credentials to an unauthorized third party, there may be signs that your Booking.com Extranet Account was compromised. These include:
Guests receiving messages or phone calls that aren't from you asking for payment.
Unrecognized changes to your property details (contact info, rates, availability, content, etc.).
Notification emails from Booking.com stating your account was accessed from a new, unrecognized location.
What can I do to stay safe?
There are several ways for you to protect your Booking.com account:
Never reuse passwords. Reusing your password for different services gives attackers a better chance of accessing your account. For example, let’s say you use the same password for another website and Booking.com. If the other website suffers a data breach, attackers will then try to "validate" these credentials on other platforms.
Choose a strong password. We highly recommended keeping the following in mind when creating a password for your account:
Minimum length should be 10 characters
Should consist of a mix of characters, containing upper and lowercase letters, numbers, and special characters
Doesn't contain any additional sensitive info that can be easy to guess, such as your name, email address, and date of birth
Make sure you always visit https://admin.booking.com. You can make sure you’re providing your credentials on our website by checking for our certificate:
Note: The expiration date might be different when the certificate is renewed
I think my account was compromised. What do I do now?
Follow these steps to secure your account:
Reset your email account password first, then your Booking.com account password. To reset your Booking.com account, visit Booking.com, click "Sign in," then click "Forgot your password?"
Can you sign in to your account? If so, check all the info on your account to see if anything was changed (personal info, preferred language, reservations history).
Report it! Contact Booking.com immediately to let us know your account may have been compromised. To help you and your guests as quickly as possible, your contract with Booking.com requires you to report an actual or suspected account takeover within 24 hours.
You can do this by contacting our security team here:
Don’t forget to include all relevant details, such as suspicious new details on your account or unrecognized charges on your credit card.