We’re committed to supporting you and taking action on cyber threats and attacks – but we also rely on you to be vigilant. On this page, we’ll guide you through recognizing and reporting suspicious online behavior as well as protecting your Booking.com account.

Reporting suspicious activity

Booking.com respects the privacy of your login details and devices. Our employees will never ask to take control of your computer or phone, request any login info such as your two-factor authentication and/or password, or any other confidential information.

If you are—or think you might be—a victim of a digital security attack on your Booking.com account, report it immediately.  When in doubt, leave the phone call, browser, or application.

Profile picture for the user

Tiago de Almeida

Director Cybersecurity

Protecting your Booking.com account

As a Booking.com accommodation partner, you have access to a lot of guest information. A successful cyberattack can result in loss of personal info and money for you as well as for your guests.


Use the checklist below to keep yourself secure:

Recognizing the signs of a cyberattack

Cybercriminals use a variety of ways to gain—or mislead you into giving them—unauthorized access to data from your digital accounts.

The scenarios below are breaches of a partner’s system or account – not a compromise of our Booking.com backend system or infrastructure.

  1. Phishing
    This occurs when someone pretends to be someone else and persuades you to log in to a fictitious website or click a malicious link to capture your login details. 
    Learn more about phishing

  2. Social engineering
    This technique is used by cybercriminals to trick you into giving them access to sensitive info through direct contact with you.
    Learn more about social engineering

  3. Malware
    This term refers to any malicious software (e.g. viruses, worms, trojan horses, or spyware) installed on a digital device.
    Learn more about malware


At Booking.com, securing our traveler and partner data and providing a reliable, resilient service is of paramount importance. We see this not only as a professional obligation, but also as an individual commitment. While we’ll never be able to eliminate all cybersecurity threats, we’ll always consider how they impact you, seek to quickly rectify incidents, and make all necessary improvements. Our mission is to earn, demonstrate, and position trust as a differentiating hallmark of the company.

Spencer Mott
Chief Security Officer


We want partners to feel confident using our platform. In addition to the secure processes we already have in place, through your vigilance and reporting of issues, we can work together to minimize these security threats.

Report a threat