Suspected Phishing or Compromised Account: 3-Step Emergency Plan

If you believe a staff member accidentally entered their Cloudbeds credentials on a fake login page, or if you suspect your account has been accessed without your permission, act immediately. Speed matters.

How this usually happens

The most common attack targeting Cloudbeds users looks like this:

  1. A staff member searches "Cloudbeds login" in Google.
  2. A malicious sponsored ad appears at the top of the results. It looks identical to the real Cloudbeds login page.
  3. The staff member enters their username, password, and even their active MFA code.
  4. The attacker captures these credentials in real time and logs in using them within seconds.

This is why we always recommend bookmarking the official login page and never using a search engine to navigate to it.

Step 1: Change the password immediately

Log in to Cloudbeds using the official link (https://hotels.cloudbeds.com/auth) and go to Account > My Profile > Change Password.

Why this works: changing your password immediately terminates all other active sessions. Anyone currently logged in under your credentials will be removed within minutes.

If you cannot log in because the attacker has already changed your password: go to the login page and click "Forgot password?" to trigger a reset via your registered email.

Step 2: Audit your user list

Go to Account > Settings > Users and look for anything unexpected.

What to check:

  • Any user accounts added recently that you do not recognize
  • Any users with elevated permissions (Owner or Manager roles) that should not have them
  • Any users with access to data exports (Reservation List, Guest Data exports)

If you find an unauthorized user: use the three-dot menu next to their name and select Disable User immediately.

As a precaution, temporarily remove data export permissions from any unverified staff accounts while you investigate.

Step 3: Report the suspicious link to Cloudbeds

Forward the suspicious URL or phishing email to support@cloudbeds.com with the subject line: Phishing

Include:

  • The URL of the fake page (copy from your browser's address bar - do not click it again)
  • The date and approximate time the incident occurred
  • The email address of the affected staff member

Why this matters: our security team can initiate domain takedown procedures against fake sites, protecting other Cloudbeds customers who might encounter the same link.

Preventing this in the future

The single most effective prevention is bookmarking the official login page.

🔖 Official login: https://hotels.cloudbeds.com/auth

Print this and tape it next to every front desk terminal. Never search "Cloudbeds" in Google to find the login page.

If your property has not yet switched to Passkeys, this is a good time to consider it. Passkeys are completely immune to this type of attack. Even if a staff member lands on a fake login page, the passkey will not work there - it is cryptographically bound to the official Cloudbeds domain.
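The domain binding described above, sketched as an added example (not Cloudbeds code) of the two checks a passkey (WebAuthn) server makes on every login. The relying-party ID and origin are assumed from the official login URL on this page, `cloudbeds-login.example` is a constructed lookalike, and the signature check that stops an attacker from editing these fields is left out.

```python
import base64, hashlib, json, os

# Assumed values, derived from the official login URL on this page; the
# service's real relying-party ID and origin may differ.
EXPECTED_ORIGIN = "https://hotels.cloudbeds.com"
EXPECTED_RP_ID = "hotels.cloudbeds.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for the browser and authenticator output.
    The browser (not the page's script) writes the origin it is really on,
    and authenticator data starts with SHA-256 of the RP ID."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    flags, counter = bytes([0x05]), (1).to_bytes(4, "big")  # UP+UV, counter 1
    return client_data, hashlib.sha256(rp_id.encode()).digest() + flags + counter

def verify_binding(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Server-side checks that tie an assertion to the real site."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "reject: wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "reject: challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    if auth_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    return "accept"

def scenarios() -> dict:
    challenge = os.urandom(32)  # issued by the real server for this login
    fake_host = "cloudbeds-login.example"  # constructed lookalike domain
    return {
        "real page": verify_binding(
            *browser_assertion(EXPECTED_ORIGIN, EXPECTED_RP_ID, challenge), challenge),
        # Fake page relays the real challenge, but the origin gives it away.
        "fake page": verify_binding(
            *browser_assertion("https://" + fake_host, fake_host, challenge), challenge),
        # Even with a correct origin string, a foreign RP ID hash is refused.
        "wrong rp id": verify_binding(
            *browser_assertion(EXPECTED_ORIGIN, fake_host, challenge), challenge),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

A password or MFA code carries no record of where it was typed, which is why the relay in "How this usually happens" works against them; the passkey response names the page it was produced on.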

For more on securing your property's login setup, see: Admin Guide - SMS & Email MFA and Choose the Best Login & MFA Method for You.
