To think booking.com should care about scam message

[TheGreatScotchEggControversy]

I received a WhatsApp (which isn't unusual on booking - often the accomodation will message)

From a business account, with correct logo and address of hotel asking if I needed information on parking or public transport.

The message addressed me by my name that I used on booking, which had a typo in it (new phone autocorrected my name) had the dates I was staying and that I'd booked via booking.

I clicked parking and it replied with an AI response of the local car parks etc. didn't think any more of it

Then I got a message a day later from same WA, saying there was a problem with my payment, booking would be cancelled and I needed to log in, and of course they provided a link.

Thankfully I immediately thought scam and contacted booking.com, they confirmed it wasn't from them or the hosts and that I should just block the number, with an attitude of well these things happen.

They didn't want to look into it, or have the details forwarded or care that my details had been harvested.
This wasn't a vague fishing scam, they knew all the details, the dates and my incorrect name so somewhere at booking or the website they have had a data breach and they don't GAF.

AIBU to expect a major website to care about information breaches?

I actually had similar a couple of days ago. A message via the app from the accommodation (supposedly) saying if I didn’t click on a link my booking would be cancelled. I did click on it given it had come through the app but saw sense when it asked for my bank details. Contacted booking.com and all they said was “Don’t click on links”. I don’t even know the current status, they said they’d contact the hotel but I’ve heard nothing. Messaged the hotel and they haven’t responded either.

I agree with you and thought there must be some law so googled, not sure if this is relevant, but take to Google and see what you find?

It certainly sounds like there could have been a data breach from Booking.com. If they aren't prepared to take it seriously I would be tempted to refer it to the ICO to look into.

I'd report that to ICO OP and I'd reply to the message you got from booking.com to say don't click the links, to say that they have had a data breach, which you are now reporting as they aren't.

This scam has been going on for over a year. Several articles on it, including one on The Guardian website. It looks like it's the hotel websites / email systems that get hacked & the scammers use the info in them to send an email to bookers. Given the thousands of hotel sites, it's not surprising that some get hacked & unfortunately there's nothing that Booking.com can do about it, other than post up warnings.

They have had a major data leak. It’s been going on for a while. When scammers know your email address, and the hotel you have booked, that is a real fucking issue. They just don’t care. It’s scandalous.

Thanks for the replies, I'm going to follow them up.

It was the sheer lack of concern that I was shocked by. I've reported scam link in the past and most companies have an email address where you send the scam email/text (admittedly they may not do anything with it but at least you feel like they have a small interest)

The hotel is also a major provider - I've contacted them as well .

Just frustrating when I do everything I can my end to keep my details safe.