A hacker working for a US intelligence service broke into Booking.com servers in 2016 and stole user data from the Middle East, according to a book published Thursday. The book also states that the online travel agency chose to keep the incident a secret.
Amsterdam-based Booking.com made the decision after calling on the Dutch intelligence service, also known as the AIVD, to investigate the breach of the company's servers. Following legal advice, the company did not notify the affected customers or the Dutch Data Protection Authority. 
The reason; Booking.com was not legally required to do so because no sensitive or financial information was accessed.
But ITs working on Booking.com told a different story, according to De Machine: In de ban van Booking.com. The book's authors, three journalists from the Dutch newspaper NRC, report that the internal name for the breach was "PIN leak" because the breach involved stolen PINs from bookings.
The book also states that the person behind the hack had access to thousands of hotel reservations in Middle Eastern countries, such as Saudi Arabia, Qatar and the United Arab Emirates. The leaked data concerned Booking.com customer names and their travel plans.
Two months after breach, private researchers των ΗΠΑ βοήθησαν το τμήμα ασφαλείας της Booking.com να προσδιορίσει το ότι ο hacker ήταν Αμερικανός που εργαζόταν για μια εταιρεία που εκτελούσε συμβόλαια για τις υπηρεσίες πληροφοριών των ΗΠΑ. Οι συγγραφείς δεν προσδιόρισαν ποια υπηρεσία βρισκόταν πίσω από την invasion.
Hotel reservation data and travel plans are a highly sought after product for hackers working for a state. In 2013, an informant of hers NSA unveiled the "Royal Concierge", a British spy program GCHQ which tracked reservations at 350 luxury hotels worldwide. Secret services use this data to identify the hotel where the targets are staying so they can place bed bugs in theeyeand them.
In 2014, Kaspersky Labs unveiled the Dark Hotel, μια καμπάνια που χρησιμοποιούσε δίκτυα Wi-Fi ξενοδοχείων για να μολύνει τις Appliances targeted visitors with the aim of gaining access to sensitive information. The hackers behind Dark Hotel - who were probably working on behalf of some government - were particularly interested in politicians and C-level executives.
The authors of The Machine reported that a Booking.com spokesperson confirmed that there was unusual activity in 2016, and that security personnel responded immediately to the incident. He also admitted that the company never revealed it because it had no legal obligation to do so.
