Booking.com has notified customers of a security incident involving unauthorized access to reservation data, warning that personal and booking-related information may have been exposed.
The company says it has taken steps to contain the issue, but has not disclosed how many users were affected.
The incident came to light after Booking.com detected what it described as “suspicious activity” impacting certain bookings. In emails sent directly to affected users, the company stated that unauthorized individuals may have accessed reservation-specific information, including names, email addresses, phone numbers, postal addresses, and any additional details shared with properties during the booking process. As an immediate mitigation step, Booking.com reset reservation PINs tied to impacted accounts.
CyberInsider
In a public statement, the company confirmed that third parties had accessed “some guests’ booking information” and reiterated that it acted quickly to contain the breach. However, Booking.com has not disclosed the number of affected customers, the geographic scope of the exposure, or the technical root cause behind the intrusion.
Founded in 1996 and headquartered in Amsterdam, Booking.com is one of the world’s largest online travel agencies, facilitating reservations for hotels, apartments, and other accommodations across more than 220 countries and territories. The platform handles vast amounts of personal and transactional data, making it a frequent target for cybercriminals.
Booking.com’s notification advises recipients to be cautious of suspicious emails or phone calls and reiterates that the company does not request sensitive financial information via email, SMS, or messaging apps. The inclusion of these warnings suggests concern that exposed data could be leveraged in follow-up scams targeting affected individuals.
Although there is no indication that payment card data was directly accessed in this incident, the exposure of contact details and booking information can significantly increase the effectiveness of targeted phishing attacks. Threat actors often use such data to impersonate hotels or booking platforms, requesting fraudulent payments or directing victims to malicious websites designed to harvest credentials.
Users who believe they may be affected are advised to remain vigilant for unsolicited communications referencing their bookings. Recommended precautions include verifying any payment requests directly through official Booking.com channels, avoiding clicking on links in unexpected messages, and ensuring devices are protected with up-to-date security software.
Booking.com says it is continuing its investigation and plans to expand its security measures, though further details about the scope and cause of the breach have not yet been made public.
Leave a Reply