Customers of the world-famous online hotel booking service Booking.com are falling victim to hackers.

Specifically, hackers have developed a new sophisticated scheme to steal both data and money from travelers using Booking.com's services.

Cybersecurity experts said that hackers did not directly attack Booking.com's system, but took advantage of security vulnerabilities at the company's partner hotels, causing many customers to suffer losses.

The attack began with a call to hotels that partnered with online booking service Booking.com. The attackers asked the front desk staff to help them find lost or forgotten items in the room, then sent an email with a link to files stored on Google Drive.

The files sent by the subjects were said to contain photos of the lost items. In fact, these files were infected with the Vidar virus - the virus used to steal Booking.com login data from partners' systems.

Once they have their Booking.com login credentials, scammers will approach customers under the guise of the online booking service and ask them to pay additional fees in order to enjoy preferential services.

Hackers will instruct customers to pay on fake websites or request credit card information over the phone to steal money from accounts.

Experts warn that Booking.com logins are already circulating on the black market, where they fetch an average of $2,000 per account, demonstrating the effectiveness and danger of this new scam.

Therefore, cybersecurity company Panda Security recommends that travelers should not trust additional payment requests from Booking.com and contact the hotel directly for confirmation.