Thousands Of Hotel Listings Were Hijacked In Google+ Local
Thousands of hotels listed within Google+ Local appear to have had links leading to their official sites “hijacked” and replaced with ones leading to third-party booking services. Google+ Local listings are what Google depends on to provide results in Google Maps or Google Search, when people look for local businesses. A Hijacked URL For example, […]
Thousands of hotels listed within Google+ Local appear to have had links leading to their official sites “hijacked” and replaced with ones leading to third-party booking services. Google+ Local listings are what Google depends on to provide results in Google Maps or Google Search, when people look for local businesses.
A Hijacked URL
For example, here is the “verified” page for the Courtyard Marriott in Sherman Oaks, California:
The arrows show how the URLs for the hotel’s official website leads to “courtyardmarriott.roomstobook.info” rather than the hotel’s actual page here within the Marriott.com domain [note: the page has now been removed; see the end of this story].
Thousands Of Hijacked Listings
The hijacked listings all make use of links that lead to either RoomsToBook.Info or RoomsToBook.Net. Doing a search on Google for Google+ Local listings using these domains reveals how thousands of hotels appear to have been hit.
For example, a search for listings using the “RoomsToBook.Info” domain currently brings up 1,880 listings that appear to have been hijacked:
A search for the “RoomsToBook.Net” domain currently brings up another 1,150 listings that seem to have been hijacked:
Rerouting Visitors To Third-Party Booking Sites
Sometimes clicking on one of these hijacked listings for the RoomsToBook.Info or RoomsToBook.Net domains automatically forwards visitors — redirects them — to landing pages like this one within those domains:
In other cases, visitors were forwarded to the HotelsWhiz.com web site.
Attempts to contact the owners of RoomsToBook.Info, RoomsToBook.Net and HotelsWhiz.com have been unsuccessful.
Emails were sent to various addresses listed in the public “whois” information for those domains. A phone call made to the number listed on the HotelsWhiz.com site was answered by a call center in the Philippines, where the woman I spoke with said she worked for i-lotel.com, a site that doesn’t seem to exist.
There’s also been no response to a feedback form used on the HotelsWhiz.com web site, nor from a LinkedIn message sent to Karim Mawani, who is listed on LinkedIn as the director of HotelsWhiz.com.
I could be that HotelsWhiz isn’t connected with any of this. A third-party affiliate company, one that’s paid for sending leads, could have generated all this without HotelsWhiz’s knowledge.
However, both RoomsToBook.Info and RoomsToBook.Net use the DNS servers of HotelWhiz.info. DNS is the way that internet URLs know how to direct people to the right places. That suggests a connection to HotelsWhiz.com, especially in that HotelsWhiz.com also uses HotelsWhiz.info for its own DNS.
Whether any of these companies are ultimately responsible for the hijacking is uncertain. All we know so far is that these listings have been hijacked, but exactly how or why isn’t clear.
Postscript (4:10pm ET): I did hear back from Mawani via LinkedIn, who said:
We have recently seen this issue and have reported to Google webmaster already. If you have seen any links please forward it to me and I will submit the request.
Our team is already in process of blocking list of certain domains and IP addresses from back-linking us.
Thank you for pointing this out if you have any more external domains acting in above manner please report it to us on
I hadn’t noticed this response initially, because I assumed LinkedIn would forward the email or a notification to my regular account. Mawani flagged the response to me via email just now — the same email I also contacted him with directly over all this, so I’m unclear why he didn’t respond that way.
I’m following up with him for more details, including why his company shares the same DNS as the two other sites.
Postscript (6:30pm ET): Per the comments below, the Philippines call center woman seems to have been referring to l-lotels.com rather than i-lotels.com. The home page of that site looks identical to the HotelsWhiz.com site, other than its home page.
It also turns out that the l-lotels.com may have also been used to hijack some listings, as shown below:
The domain appears to have been used in relation to 371 verified listings and 1,460 listings overall.
Google: No Comment, But Clean-Up Behind-The-Scenes
Google would be the best company to speak on what happened, but after being asked, it said it had no comment. Twice — because I asked twice if Google was sure it didn’t want to say anything [note: see below, where after this story was published, Google said confirmed it was aware of the issue and working to fix it].
Google has clearly been busy, however, now that it has been alerted to the issue. Some pages that were formerly in Google+ Local have now been entirely removed, such as these:
Trying to go to these, all of which were previously verified Google+ Local listings, now brings up error pages.
In other cases, while Google’s search results still show that a page has had its URL altered, such as for this:
The page itself has been updated to list the official web address:
There are also duplicate pages that exist, which is perhaps how Google is dealing with pages that were verified, yet corrupted, by downgrading them in favor of unverified but correct pages.
For example, this story showed an example of the verified page for the Sherman Oaks Courtyard Marriott having a hijacked URL. While that page was still live, a search on Google Maps brought up a different, unverified page here.
And, about an hour after I saw and documented that verified but hijacked page coexisting alongside the unverified but correct page, the verified page was completely removed from Google+ Local, probably as part of Google’s clean-up efforts.
Postscript (2:37pm): Google has now said that I can confirm it is aware of the issue and is working to fix it.