The rise of clandestine 'travel agencies' on darknet forums has led to significant financial losses for the travel and hospitality industries. These agencies sell fraudulently booked flights, hotels, and other services at discounted rates; the scheme starts with credential theft and ends with fraudulent bookings. Airlines lose seat inventory, hotels absorb charge-backs, and travelers face drained reward balances. Trustwave reported that one agency processed over 2,000 bookings in Q1 2025, netting $1.4 million in illicit revenue.
Source: https://cybersecuritynews.com/dark-web-travel-agencies-offering-cheap-travel-deals/
TPRM report: https://scoringcyber.rankiteo.com/company/booking.com
"id": "boo948072325",
"linkid": "booking.com",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Travel and Hospitality',
                        'type': ['Airlines', 'Hotels', 'Travel Agencies']}],
 'attack_vector': ['Mass-phishing', 'Infostealer trojans'],
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Loyalty credentials, Payment '
                                             'tokens'},
 'description': 'The rise of clandestine travel agencies on darknet forums has '
                'led to a full-fledged service economy that sells half-priced '
                'flights, five-star hotels, and even yacht charters using '
                'stolen credentials and fraudulent bookings.',
 'impact': {'financial_loss': 'Airlines lose seat inventory, hotels absorb '
                              'charge-backs, travelers face drained reward '
                              'balances',
            'payment_information_risk': 'High',
            'systems_affected': 'Booking systems, payment gateways'},
 'initial_access_broker': {'entry_point': 'Mass-phishing, Infostealer trojans',
                           'high_value_targets': 'Loyalty credentials, Payment '
                                                 'tokens'},
 'lessons_learned': 'Layered countermeasures are effective at disrupting '
                    'high-speed fraud loops',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Implement layered '
                                                  'countermeasures',
                            'root_causes': 'Credential theft, Stolen payment '
                                           'tokens'},
 'recommendations': 'Implement geo-fenced MFA on loyalty portals, velocity '
                    'limits tied to device-ID, and dark-web telemetry that '
                    'flags brand mentions',
 'references': [{'source': 'Trustwave'}],
 'response': {'containment_measures': ['Geo-fenced MFA on loyalty portals',
                                       'Velocity limits tied to device-ID',
                                       'Dark-web telemetry that flags brand '
                                       'mentions']},
 'threat_actor': 'Dark web travel agencies',
 'title': 'Dark Web Travel Agency Fraud',
 'type': 'Fraud',
 'vulnerability_exploited': 'Credential theft, Stolen payment tokens'}