Booking.com Data Breach: Hackers Steal Customer Information
- Booking.com has confirmed a data breach involving unauthorized access to customer reservation details, prompting the company to notify affected users and implement security measures to contain the incident.
- The Amsterdam-headquartered company, which connects millions of travelers with more than 30 million accommodation venues globally, stated it detected suspicious activity involving unauthorised third parties being able to...
- In notifications sent to affected customers, Booking.com specified that the compromised information was associated with previous reservations.
Booking.com has confirmed a data breach involving unauthorized access to customer reservation details, prompting the company to notify affected users and implement security measures to contain the incident.
The Amsterdam-headquartered company, which connects millions of travelers with more than 30 million accommodation venues globally, stated it detected suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information
.
Scope of Exposed Data
In notifications sent to affected customers, Booking.com specified that the compromised information was associated with previous reservations. The company stated that the accessed data could include:
- Customer names
- Email addresses
- Phone numbers
- Physical addresses
- Specific booking details
- Any additional information shared by the guest with the accommodation provider
A spokesperson for Booking.com, Courtney Camp, told TechCrunch that the company took action to contain the issue upon discovery. The company also informed The Guardian that financial information was not accessed during the breach.
Security Response and Mitigation
To secure the affected bookings, Booking.com updated the PIN numbers associated with the compromised reservations. The company has since informed the guests whose data was exposed.
Despite these measures, the company has warned users about the potential for phishing attacks. The breach has already been linked to active fraudulent activity targeting customers.
Reports indicate that hackers are leveraging the stolen reservation data to conduct highly targeted scams. Some users have reported receiving phishing messages via WhatsApp that contained specific booking details and personal information to lend credibility to the fraud.
Based on the findings of our investigation to date, accessed information could include booking details and names, emails, addresses, phone numbers associated with the booking and anything that you may have shared with the accommodation
Booking.com email to affected customers
Corporate Context and Ongoing Threats
This incident is part of a broader pattern of cybercrime attempts targeting the platform. Booking.com has recently dealt with an increase in online scams where fraudsters request payment details for verification or pre-authorization before a trip, subsequently charging customers high amounts.
The platform’s vulnerability to such attacks has been highlighted by previous security incidents. In 2024, reports surfaced that hackers had used consumer-grade spyware, specifically pcTattletale, to infect computers at several hotels. In one instance, this allowed attackers to take screenshots of a victim’s screen while they were logged into the Booking.com administration portal.
Booking.com has declined to provide the exact number of customers affected by the most recent breach. The company continues to advise users to remain vigilant against suspicious communications that appear to originate from the platform or associated properties.