The day I discovered my Booking.com wallet had been hacked
First things first... why on hell did I have money on the Booking.com wallet? Well, because they messed up a reservation that I had made and gave me back the money that they owed me on the wallet. We are talking here about MY money, that I had already paid with my credit card, so there is no good reason for them to refund the amount on the wallet, just to begin with.
Anyway, at this point I was just upset, not worried, until I opened my Booking.com account to plan a vegan-friendly trip, only to find that the 50 Euro credit in my wallet had vanished. Instead, there was a reservation for a hotel in a city I’d never visited— booked by someone else, paid for with my money. Panic set in. How had a stranger accessed my account? Why was there no fraud alert? No reservation email either? Apparently they just send the confirmation to the email that you write in final details form, not to the email linked to the account.
What followed was a six-month ordeal to recover my funds—a journey that exposed glaring gaps in Booking.com’s security protocols and customer support. Here’s what happened, and what you need to know to protect yourself.
The Reddit rabbit Hole: “This happens all the time”
After filing a fraud report with Booking.com without any real commitment on their part to fix the issue, I turned to Reddit. What I found was chilling: dozens of users described unauthorized bookings draining their wallets, often linked to accounts with strong passwords and 2FA enabled. Multiple threads talked about an "inside job", and speculated that compromised Booking.com employee accounts or API vulnerabilities enabled the thefts. What is worst is that every single user reports little to no help at all from Booking.com customer service.
My battle plan to recover the funds
As soon as I discovered that my wallet was empty I tried to get some help from the company, but the only answer I got for months was that they escalated my case to some supervisor...
So I just kept phoning, writing email to the company, my local Police authorities, to the Dutch Data Protection Authority and most importantly to Booking.com chat on facebook.
After 3 months I finally got the money back on the wallet, secured again my account with 2 factor protection and guess what !?! AFTER 48 HOURS THE WALLET WAS EMPTY AGAIN, someone booked a flight with it.
I had to do it over again, other 3 months went by, they gave me back my money and now I have used all the wallet to make a reservation. I don't feel safe using this platform anymore, I am checking the reservation every day as I fear that someone could just cancel it and steal the money again...
I will keep you updated on what's going to happen
Please share your similar experience here!
