SPANISH police have arrested a 20-year-old man in Madrid after he allegedly manipulated a travel and hotel booking site’s online payment system to obtain luxury hotel stays for just €0.01 per reservation, with rooms costing up to €1,000 a night and losses reported at around €20,000 for one hotel. The investigation began on 2 February 2026 after a travel agency flagged suspicious bookings on its website.
Investigators say the suspect sabotaged the site’s integrated payment gateway, selecting a well-known international payment platform and launching a tailored cyberattack to alter the transaction validation process, so the system authorised payments after entering only one cent. The system then approved the reservations as fully paid, with only a cent transferred per booking.
The police identified the suspect within four days and arrested him while he was staying at a luxury hotel in Madrid; he faces suspicion of computer fraud and the inquiry remains ongoing, according to the Spanish National Police press release.