Cybersecurity for accommodation partners

Booking.com respects the privacy of your login details and devices. Our employees will never ask to take control of your computer or phone, request any login info such as your two-factor authentication and/or password, or any other confidential information.

Report a threat

As a Booking.com accommodation partner, you have access to a lot of guest information. A successful cyberattack can result in loss of personal info and money for you as well as for your guests.

Use the checklist below to keep yourself secure:

• Set up two-factor authentication (2FA) on your Extranet account and use biometric authentication and custom passcodes on your Pulse account.
• Don’t reuse passwords and always choose strong ones.
• Install the latest version of the operating system on your devices.
• Download and install apps from trusted sources.
• Create individual Extranet accounts for yourself and your employees.

Cybercriminals use a variety of ways to gain—or mislead you into giving them—unauthorized access to data from your digital accounts.

The scenarios below are breaches of a partner’s system or account – not a compromise of our Booking.com backend system or infrastructure.

1. Phishing
   This occurs when someone pretends to be someone else and persuades you to log in to a fictitious website or click a malicious link to capture your login details. 
   Learn more about phishing

2. Social engineering
   This technique is used by cybercriminals to trick you into giving them access to sensitive info through direct contact with you.
   Learn more about social engineering

3. Malware
   This term refers to any malicious software (e.g. viruses, worms, trojan horses, or spyware) installed on a digital device.
   Learn more about malware