Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent

Looking back over the years, I've spent an inordinate amount of time when planning a trip trying to find the best online price for my hotel stay. Does it make more sense to book directly with the hotel itself or a comparison site? Are there other websites that will offer a better deal that could shave a few dollars off the total package?

Frankly, for the actual amount of money I have saved, I'm not sure that it was necessarily always time well spent.

But if I was able to book hotel rooms worth up to €1,000 just for a single euro cent? Well, that would be beyond my wildest dreams.

And yet, according to Spanish police, one young man managed to make that dream a reality... until he got caught.

Spain's police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent."

At the time of his arrest on 18 February, the man was mid-stay at an unnamed luxury Madrid hotel, having booked four nights that should have cost €4,000 - allegedly paying just one cent for the privilege.

The man - whose identity has not been released - allegedly targeted the payment gateway of a well-known online travel and hotel booking website.

It is claimed that when it came time to pay, the man selected a standard payment platform, but performed a high-tech sleight of hand during the communication between the booking site and the bank.

According to reports, which are being understandably kept high-level to avoid copycats, the attack did not meddle with the price displayed on the hotel booking site, but instead interfered with the message sent back to the booking site so that it claimed the transaction had been authorised.

In this way, the suspect was able to trick the system into registering a hotel booking as having been fully paid for the correct amount, while the actual amount processed was just one cent.

Apparently the discrepancy in the true amount that had been paid only became apparent days later, when the payment platform transferred the actual amount received to the hotel's bank account.

By which point, of course, the guest could already be checked into the hotel - or might have even already checked out without properly settling the bill.

The travel booking agency firm reported the suspected fraud to the police on 2 February, noting that multiple fraudulent reservations had been made via its website. Computer crime investigators described their probe into the incident as "highly complex" and "technical."

According to police, the suspect had used the technique on multiple occasions, often helping himself to minibar items, and leaving bills unpaid. One hotel is said to have suffered losses of more than €20,000.