Cybersecurity firm DataDome has recently uncovered serious vulnerabilities across popular restaurant booking platforms, leaving both customers and businesses at risk of automated cyberattacks. The researchers found that all of the online reservation sites that they tested were susceptible to malicious bot activity, such as credential stuffing and fake account creation, which could have serious consequences.
During the study, researchers discovered that bots can easily bypass the weak registration and authentication systems used by these platforms, allowing them to create fraudulent accounts and make reservations without triggering alerts. These bots can even scale their attacks, booking multiple tables at once or securing high-demand reservations, which could then be resold or held for ransom, with payment demanded for their release.
DataDome’s findings highlight the lack of robust defenses on most major booking sites. According to the report, only 40% of the sites have bot detection systems in place, and none prevent fake account creation or stop credential stuffing attacks. Even basic authentication measures, such as CAPTCHA and multi-factor authentication (MFA), are missing or inadequate, leaving these sites vulnerable to exploitation.
The researchers also discovered that these booking platforms fail to stop bots from bypassing simple registration checks using tactics like temporary email services or Gmail dot techniques. This makes it easier for cybercriminals to hijack reservations, steal loyalty points, or even access financial information linked to credit card holds on certain sites.
To protect both consumers and businesses, DataDome recommends that booking platforms implement advanced bot detection, strengthen account creation processes, and monitor booking activity for unusual patterns, such as bulk or rapid reservations. Users should also be encouraged to enable available security features and be vigilant about suspicious account activity.
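The registration and monitoring checks described above can be sketched on the platform side as follows. This is an added example, not code from DataDome or any booking site: it collapses Gmail dot and plus-tag variants to one mailbox identity, rejects throwaway domains, and flags accounts that book in rapid bursts. The domain list, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed placeholder list; a real deployment would load a maintained blocklist.
DISPOSABLE_DOMAINS = {"tempmail.example", "throwaway.example"}
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def canonical_email(address):
    """Map Gmail dot and +tag variants to the single mailbox they deliver to."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def flag_signups(addresses):
    """Return (aliases of an earlier signup, disposable-domain signups)."""
    seen, duplicates, disposable = {}, [], []
    for addr in addresses:
        key = canonical_email(addr)
        if key.rpartition("@")[2] in DISPOSABLE_DOMAINS:
            disposable.append(addr)
        elif key in seen:
            duplicates.append((addr, seen[key]))
        else:
            seen[key] = addr
    return duplicates, disposable

def flag_bursts(bookings, max_bookings=3, window=timedelta(minutes=10)):
    """Return canonical accounts with more than max_bookings in any window."""
    by_account = defaultdict(list)
    for email, ts in bookings:
        by_account[canonical_email(email)].append(ts)
    flagged = set()
    for account, times in by_account.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > max_bookings:
                flagged.add(account)
                break
    return flagged

# Constructed sample data for illustration only.
SIGNUPS = ["jane.doe@gmail.com", "j.a.n.e.doe@gmail.com",
           "janedoe+2@googlemail.com", "bot1@tempmail.example", "sam@example.org"]
T0 = datetime(2025, 1, 1, 18, 0)
BOOKINGS = [(a, T0 + timedelta(minutes=i)) for i, a in enumerate(
    ["jane.doe@gmail.com", "janedoe@gmail.com", "j.anedoe@gmail.com", "jane.d.oe@gmail.com"])]
BOOKINGS += [("sam@example.org", T0), ("sam@example.org", T0 + timedelta(hours=2))]
```

Keying the burst check on the canonical address matters: counted per raw address, each of the four Gmail variants above would show a single booking and stay under the threshold.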
As the cybersecurity landscape continues to evolve, the hospitality industry must act quickly to address these vulnerabilities and safeguard its customers from emerging bot threats.