Preventing unauthorized use of your account
If you suspect that your account has been accessed by an unauthorized party, received an unrecognized “new sign-in” email, or observed unrecognized changes, your account may have been compromised.
In this article:
Recognizing signs of unauthorized use
Your Booking.com Extranet account has valuable information that scammers may try to target, such as personal data and payment details from guests. If you provided your credentials to an unauthorized third party, you may spot signs that your account has been maliciously accessed. These signs may include:
- Guests receiving messages or phone calls asking for payments that didn’t originate from you
- Unrecognized changes in your property details (e.g. contacts, rates, availability, content, etc.)
- Notification emails from Booking.com stating that your account was accessed from a new, unrecognized location
Protecting your account from unauthorized use
There are several ways you can protect your Booking.com account:
- Don’t reuse passwords. Re-using your password for different services allows attackers to easily access your account. For example, if you use the same password for Booking.com and another website and that website suffers a data breach, attackers might try to use those credentials to access your Booking.com account.
- Choose a strong password that has at least ten characters and uses uppercase letters, lowercase letters, and numerical and special characters. Your password shouldn’t contain any sensitive information that can be easy to guess such as your name, email address, or date of birth.
- Make sure you always log in using this page. You can verify that you’re entering your credentials on our trusted website by checking our SSL certificate details. To do so, follow the steps below.
In Chrome:
- Click the lock icon in your browser’s URL bar
- Click Connection is secure and Certificate is valid
In Safari:
- Click the lock icon in your browser’s URL bar
- Click Show certificate
In Firefox:
- Click the lock icon in your browser’s URL bar
- Click Connection secure, then More information
The SSL certificate should include the following info:
- Issuer name: DigiCert Inc
- Subject name: Booking.com BV
- The mention: This certificate is valid
We discourage the use of tools that grant anonymity (e.g. Incognito, private modes, etc.) online while navigating the Extranet. This will help us keep you safe.
Securing your account after it’s been maliciously accessed
To secure your account, follow the steps below:
- Reset your email account password.
- Reset your Booking.com account password. To do so, go to the Extranet sign-in page, click Having trouble signing in? then Forgot your password?. Enter your username and click Send reset link.
- Once you’ve signed in, check all your info to see if anything has changed (e.g. personal info, preferred language, booking history, etc.).
- Contact us immediately to report the infringement and that your account may have been compromised. To help you and your guests as quickly as possible, your contract with Booking.com requires you to notify an actual or suspected account take-over within 24 hours. You can do this by reporting the issue to our security team.
Don’t forget to include all the relevant details, such as suspicious new details in your account or suspicious charges on your credit card.
-
Legal & Security
-
- Online security awareness: social engineering
- Online security awareness: Phishing
- Preventing unauthorized use of your account
- Securing your account
- Requirements and regulations for surveillance devices
- Digital event security standards
- Guidelines for room key access
- Keeping your property clean and sanitary
- Equipping your home property with safety devices, safety kits, and emergency plans
- Protecting your home property with security devices
- Partner Liability Insurance
- Identifying and acting on potential human trafficking of refugees from Ukraine
- Report a security issue
- Online security awareness: Malware
- All about our messaging security settings
-
- Why you need to complete the Know Your Partner (KYP) form
- How do I remove a property or end my partnership with Booking.com?
- My property is under new ownership. What should I do?
- Our animal welfare standards
- Where can I find my General Delivery Terms (GDT)?
- Complying with European Union consumer law
- Mandatory host type (professional/private) assessment
- How does parity work?
- Offer transparency and clarity through simpler policies
- Our Supplier Code of Conduct
- Understanding Force Majeure
- Handling emergency closures
- VAT and tax withholding legislation in Mexico
- Understanding short-term rentals
- Short-term rentals: FAQs
- DAC7: FAQs
- Everything you need to know about DAC7
- Non-discrimination guidelines when accepting or declining a booking request
- Laws and regulations for short-term rentals in Asia-Pacific
- Laws and regulations for short-term rentals in North America
- Short-term rental license requirements in New York City
- Everything you need to know about the Digital Services Act (DSA)
- Accommodation Agreement and General Delivery Terms
- When the contracting name on your accommodation agreement is wrong