The Spanish National Police today announced the arrest of a 20-year-old man. He faces charges of manipulating a hotel booking website's payment system. He allegedly altered the electronic payment platform's authentication process, making his bookings appear fully paid.
In reality, only a minimal amount of one cent (0,01 USD) was deducted for rooms that typically cost up to 1,200 USD per night at various luxury hotels.
"This cyberattack was specifically designed to alter payment authentication systems," police stated, adding, "This is the first time we have detected criminals using such a method."
![]() |
A luxury hotel in Madrid, Spain. Photo: Guide.Michelin |
Police also reported that the man consumed items from hotel minibars during his stays and occasionally departed without settling his bills. At the time of his arrest, he was staying at a luxury hotel in Madrid, occupying a room for four nights, totaling 4,700 USD. Authorities estimate the hotel's losses exceed 23,500 USD.
The investigation began earlier this month after an online booking website reported suspicious activity.
Initially, transactions appeared to process correctly. However, irregularities emerged a few days later when the payment platform transferred the actual funds to partner hotels.
Huyen Le (According to AFP)
