Hotels, airlines, cruises and travel sites are under siege from crooks using using fake or stolen account details to try to access accounts.
Hackers have been using stolen or leaked account details to attempt to log into accounts, using botnets to deliver attacks at industrial scale, according to research by Akamai.
Akamai researchers analysed nearly 112 billion bot requests and 3.9 billion malicious login attempts that targeted sites in this industry including airlines, cruise lines and hotels among others. Nearly 40 percent of the traffic seen across hotel and travel sites is classified as "impersonators of known browsers" - which Akamai described as a known vector for fraud.
Analysis of malicious login attempts by country against the hotel and travel industry by researchers at Akamai found that between November 2017 and March 2018, 650 million attacks came from Russia and 625 million came from China.
While it researchers can't be sure why attackers in these regions of the world are so keen on attempting to breach accounts associated with the hospitality sector, but one likely explanation is that hotels and travel sites would be lucrative for organised crime gangs.
"By their nature, companies in the hospitality sector often hosts a lot of personal information," Bernd Koenig, director of security products at Akamai Technologies told ZDNet.
"For example, hotels have everything from guest credit card data through to identity documentation that guests might be required under local laws to provide at check in. This is exactly the kind of personal and payment data that would be considered valuable to hackers".
Not only are hotel websites full of personal information which can be used to commit fraud or even make purchases, a lot of them also offer users incentives and point-based reward