Do you book your holidays online? Watch out for 007

(by Massimiliano D'Elia) Very often we rely on online platforms to search for and then book a holiday, or to reserve rooms for receptions or conferences in luxury hotels around the world. A "last minute" offer in particularly popular places is an opportunity not to be missed. Just register on the site, provide all the details, enter your credit card details and the "game" is as good as served: you can book fantastic holidays at often cheaper prices than those offered by traditional travel agencies.

Unaware, however, that those data could be used to track your interests, your movements and above all who you meet during work activities. You would never think that a site for booking hotels, flights, cars and vacation packages could be a valuable information tool for intelligence services. Yet it happened that in Holland one of the many pandora boxes was uncovered, where we all often store important personal information.

NRC Handelsblad, a Dutch newspaper conducted an investigation into a 2016 hacker attack against the site Booking.com, owned by Dutch and American companies linked by a joint venture. The complaint was published last Wednesday by three Dutch investigative journalists, Merry Rengers, Stijn Bronzwaer and Joris Kooiman. 

A hacker, nicknamed Andrew, allegedly managed to hack the servers of the Booking.com platform by copying the data and identification codes of thousands of customers, mainly diplomats and government officials operating in the Middle East. The hacker's interest was aimed at hotel reservations and flights practiced by unsuspecting victims, a way to know their movements and by cross-referencing data, to understand who they met and where. Information that, according to the journalistic investigation, was promptly reported to American intelligence agencies. 

After detecting the violation, Booking.com conducted an internal investigation and discovered that the hacker "Andrew" had connections with US spy agencies. The report cited by Dutch reporters claims that the company then turned to the Dutch General Intelligence and Security Service (AIVD), never publicly disclosing the news. The event within the company was promptly detected, thus continuing to guarantee all the security and privacy requirements of its customers.

Do you book your holidays online? Watch out for 007