Cyber Incident Victim: Marino Boutique Hotel

Date: Jun 2022

Location: Portugal

Summary

A hacker compromised the Marino Boutique Hotel's Booking.com account, deceiving customers and stealing approximately €500,000 through fraudulent bookings. The attacker directly contacted numerous clients during the incident. The hotel was unable to access its reservation platform for four days and initially mistook the breach for routine maintenance issues.

Description

The Marino Boutique Hotel in Lisbon experienced a cybersecurity breach between June 12 and June 16, 2022, when an unauthorized actor compromised the hotel’s Booking.com account. The attacker exploited this access to initiate fraudulent transactions, resulting in approximately €500,000 in financial losses through falsified reservations. During the four-day intrusion, the hacker directly communicated with hundreds of the hotel’s customers via the compromised platform, impersonating legitimate staff or systems to facilitate the scheme. Hotel management initially misinterpreted the situation as a technical outage caused by routine platform maintenance, delaying their recognition of the malicious activity. This misdiagnosis allowed the attacker to maintain uninterrupted access to the Booking.com account throughout the attack window. The hotel lost all access to its Booking.com portal during this period, severing a critical revenue and communication channel.

The incident inflicted significant operational and financial damage, with the fraudulent bookings accounting for nearly half a million euros in losses. The hotel’s inability to access its reservation system for four consecutive days disrupted normal business operations and customer service workflows. The direct communication between the threat actor and customers introduced additional reputational risks, as guests received illegitimate correspondence from the compromised account. No technical details regarding the initial compromise vector (e.g., phishing, credential theft) were disclosed in available reports. The hotel’s ownership acknowledged the breach only after realizing the platform inaccessibility was not caused by maintenance, though specific containment or remediation steps taken were not described in the sourced material. Financial impacts were explicitly quantified, while operational disruptions centered on the Booking.com platform’s unavailability and subsequent communication challenges.
