How to prevent unauthorized use of your account
If you receive an unrecognized "new sign-in" email or see unrecognized changes to your account, your account may have been compromised.
What does this mean for you?
Your Booking.com Extranet account has valuable info that criminals may try to target, such as personal info or guests' payment details. If you provided your credentials to an unauthorized third party, there may be signs that your Booking.com Extranet Account was compromised. These include:
Guests receiving messages or phone calls that aren't from you asking for payment.
Unrecognized changes to your property details (e.g. contact info, rates, availability, content, etc.).
Notification emails from Booking.com stating your account was accessed from a new, unrecognized location.
What can I do to stay safe?
There are several ways you can protect your Booking.com account:
Never reuse passwords. Reusing your password for different services gives attackers a better chance of accessing your account. For example, let’s say you use the same password for another website and Booking.com. If the other website suffers a data breach, attackers will then try to "validate" these credentials on other platforms.
Choose a strong password. We highly recommended keeping the following in mind when you create a password for your account:
Minimum length should be 10 characters
Should consist of a mix of characters, containing upper and lowercase letters, numbers, and special characters
Doesn't contain any additional sensitive info that can be easy to guess, such as your name, email address, and date of birth
Make sure you always visit https://admin.booking.com. You can make sure you’re providing your credentials on our website by checking for our certificate:
Note: The expiration date might be different when the certificate is renewed
I think my account was compromised. What should I do now?
Follow these steps to secure your account:
Reset your email account password first, then your Booking.com account password. To reset your Booking.com account, visit Booking.com, click "Sign in," then click "Forgot your password?"
Can you sign in to your account? If so, check all the info on your account to see if anything was changed (personal info, preferred language, reservations history).
Report it! Contact Booking.com immediately to let us know your account may have been compromised. To help you and your guests as quickly as possible, your contract with Booking.com requires you to report an actual or suspected account takeover within 24 hours.
You can do this by contacting our security team here:
Don’t forget to include all relevant details, such as suspicious new details on your account or unrecognized charges on your credit card.
Legal & Security
- Why do I need to complete a Know Your Partner (KYP) form?
- How can I make Pulse even more secure to use?
- What you need to know about online security and social engineering
- Online Security Awareness: Phishing
- Report a security issue
- How to prevent unauthorized use of your account
- What is 2-factor authentication (2FA)?
- Requirements and regulations for surveillance devices
- Digital event security standards
- Local laws and regulations
- How do I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Booking.com Animal Welfare Standards for Accommodation Partners
- Booking.com Animal Welfare Standards for Experiences Partners
- Where can I find my General Delivery Terms (GDT)?
- Which settings do I need to check to comply with European Union consumer law?
- Mandatory host type (professional/private) assessment
- How does parity work?
- Our values and guidelines
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct