Preventing unauthorized use of your account

If you suspect that your account has been accessed by an unauthorized party, received an unrecognized “new sign-in” email, or observed unrecognized changes, your account may have been compromised. 

In this article:

Recognizing signs of unauthorized use

Your Booking.com Extranet account has valuable information that scammers may try to target, such as personal data and payment details from guests. If you provided your credentials to an unauthorized third party, you may spot signs that your account has been maliciously accessed. These signs may include:

• Guests receiving messages or phone calls asking for payments that didn’t originate from you
• Unrecognized changes in your property details (e.g. contacts, rates, availability, content, etc.)
• Notification emails from Booking.com stating that your account was accessed from a new, unrecognized location

Protecting your account from unauthorized use

There are several ways you can protect your Booking.com account:

• Don’t reuse passwords. Re-using your password for different services allows attackers to easily access your account. For example, if you use the same password for Booking.com and another website and that website suffers a data breach, attackers might try to use those credentials to access your Booking.com account.
• Choose a strong password that has at least ten characters and uses uppercase letters, lowercase letters, and numerical and special characters. Your password shouldn’t contain any sensitive information that can be easy to guess such as your name, email address, or date of birth.

• Make sure you always log in using this page. You can verify that you’re entering your credentials on our trusted website by checking our SSL certificate details. To do so, follow the steps below.

In Chrome: 

1. Click the lock icon in your browser’s URL bar
2. Click Connection is secure and Certificate is valid

In Safari: 

1. Click the lock icon in your browser’s URL bar 
2. Click Show certificate 

In Firefox: 

1. Click the lock icon in your browser’s URL bar 
2. Click Connection secure, then More information

The SSL certificate should include the following info:

• Issuer name: DigiCert Inc
• Subject name: Booking.com BV
• The mention: This certificate is valid

Securing your account after it’s been maliciously accessed

To secure your account, follow the steps below:

1. Reset your email account password.
2. Reset your Booking.com account password. To do so, go to the Extranet sign-in page, click Having trouble signing in? then Forgot your password?. Enter your username and click Send reset link.
3. Once you’ve signed in, check all your info to see if anything has changed (e.g. personal info, preferred language, booking history, etc.).
4. Contact us immediately to report the infringement and that your account may have been compromised. To help you and your guests as quickly as possible, your contract with Booking.com requires you to notify an actual or suspected account take-over within 24 hours. You can do this by reporting the issue to our security team.

Don’t forget to include all the relevant details, such as suspicious new details in your account or suspicious charges on your credit card.