He believes it was a scam.
A man used Booking.com to book a chalet in the French Alps for next March, but more than a week after making the reservation, he received a WhatsApp message from someone named Emilio that the booking was cancelled.
"He informed me that he had cancelled the collaboration with Booking.com as he was unhappy with the commission," recounted Stomp contributor N.
"But if I wish to proceed to reserve, he would send me the new link to book on TripAdvisor.
"At this point, I was worried about losing such a good deal. So I enquired more about the price and he assured me that the price on TripAdvisor was cheaper."
The next day, the Stomp contributor received on WhatsApp a link that he found suspicious.
"It looked a bit odd. So I used VirusTotal to scan the link and my suspicions were confirmed," said the Stomp contributor.
"I realised my details had leaked out of Booking.com. So to confirm, I emailed the reservation on Booking.com to confirm the booking, but to my horror, Emilio messaged me on WhatsApp to inform me that he received my message."
Worried about being scammed, the Stomp contributor called the Booking.com hotline.
"Jay, whom I spoke to, told me my booking was still valid and there was nothing wrong with it. So I said that someone had contacted me via WhatsApp and it may be a scam. But he assured me that was not possible.
"After I explained my story, he said that the booking was actually under investigation, but everything would be normal till it was confirmed. I reiterated that I have received a message with a malicious link and that this was definitely a scam. He then advised me to cancel the booking and that they will help me find an alternative booking within 24 hours which I agreed.
[[nid:651523]]
"When I asked about my details being leaked and how Booking.com protects customers' details, he assured me that they are not able to see my details.
"However, I have worked in hotel reservations before and know that the property is able to see all confirmed bookings as they need to create the booking on their CRM (customer relationship management). My full name, mobile number, credit card info, et cetera, have all been leaked through the host on Booking.com."
In response to a Stomp query, a Booking.com spokesperson said: "At Booking.com, we are committed to protecting and safeguarding our customers' personal data.
"Not only do we handle all customer data in line with the highest technical standards, but we are also continuously innovating our processes and systems to ensure robust security on our platform.
"All Booking.com partners also agree to a policy that requires them to follow certain data handling procedures to protect customers while effectively managing their business in a responsible manner."
The spokesperson confirmed that there had been no data leak on Booking.com.
"It is standard industry practice for the most important details of any successfully confirmed reservation to be sent through to the accommodation booked," said the spokesperson.
"In the very rare instance that there might be some cause for doubt or concern with a specific property, we investigate and act immediately, removing them from our site if necessary - as we have done in this instance."
Stomp understands that the chalet booked by the Stomp contributor was a fraudulent listing and has since been removed.
In October, the police said at least 30 people have lost a total of at least S$41,000 to phishing scams after making room reservations using Booking.com since September.
This article was first published in Stomp. Permission required for reproduction.