There's also posts on twitter and here on hackernews.
But at its core numbers don't matter, the fact that they ignore twofactor and let everyone login by clicking on the request e-mail is a complete failure of security.
Non tech savvy people will absolutely get compromised by this at some point given enough requests, and they don't post to Reddit about it.
If it works, you should definitely solve the problem for yourself even before booking.com eventually suffers enough to address the problem more generally.
https://www.reddit.com/r/techsupport/comments/18zewqa/keep_g...
https://www.reddit.com/r/Scams/comments/15oq4pn/bookingcom_v...
https://www.reddit.com/r/Scams/comments/1bblo8a/verification...
There's also posts on twitter and here on hackernews.
But at its core numbers don't matter, the fact that they ignore twofactor and let everyone login by clicking on the request e-mail is a complete failure of security.
Non tech savvy people will absolutely get compromised by this at some point given enough requests, and they don't post to Reddit about it.