Booking.com has denied its systems have been compromised by canny cyber criminals - but admits customers booking through a separate portal would be compensated following a breach.
The Sun reports criminals are targeting the OTA in the hope of stealing cash and personal data from customers through popular mobile messaging app WhatsApp.
Users reported being sent WhatsApp messages claiming there had been a security breach, requiring them to change their password.
The link though gave hackers access to their bookings and other personal data, allowing them to send customers messages demanding holiday payments into bogus bank accounts.
Compromised data included names, addresses, phone numbers, booking details - including exact prices - and reference numbers.
And even if users spotted the ruse and avoided parting with any money, their details had nonetheless already been stolen.
The Sun reported “Booking.com insists its systems were not compromised, but said hotels it works with on a separate portal were and customers will be compensated”.