One of the world's biggest hotel booking websites has insisted its customers' details are safe after a whistle-blower revealed how he helped fraudsters use personal data to trick thousands of people.
It emerged last month that con artists obtained details of reservations made on Booking.com and sent demands for payment which appeared to come from the hotels where the bookings were made.
The Netherlands-based firm estimated that around 10,000 people were affected from countries including the UK, US, France, Italy, Portugal and the UAE, but those who lost money have had it refunded.
A whistle-blower has now revealed how he unwittingly played a part in the scam.
Tom, not his real name, told BBC Radio 4's Money Box that he was recruited via an international freelance telesales website.
He said: "We were told to call up people and tell them that they'll receive an email ... and if they have any questions they should get in touch with us."
"We had to say that we were calling from (the hotel into which the customer had booked) and we would send an email and it would appear that the hotel was sending them an email."
Those emails demanded advance payment to bank accounts that were not connected to the hotels.
Tom said he was angry at becoming involved in the scam and claimed he believed it was harmless to tell people to expect an email.
Andre Manning, head of global public relations for Booking.com, is adamant that its customers details are not at risk.
He said: "Personal data of customers are safe with Booking.com and we of course have taken our time to work with all parties involved, most importantly our customers to make sure the impact on them is as minimal as possible."
He added: "Phishing is an industry-wide phenomenon that we now have been confronted with like other e-commerce companies in the past.
"We have immediately stepped up our security measures and will continue to counter these criminal activities and to make sure booking accommodations via Booking.com is safe."