Booking.com has officially confirmed a significant security breach involving unauthorized third-party access to customer reservation data. The travel giant began notifying affected users this past week, revealing that sensitive personal information—including names, email addresses, phone numbers, and specific booking details—was compromised.
Details of the Unauthorized Access
The breach has triggered widespread concern among travelers after users began sharing notification emails on platforms like Reddit. The company’s official communication warns that intruders may have accessed any information shared directly with accommodation providers during the reservation process.
Evidence suggests that the stolen data is already being weaponized. One affected customer reported receiving a targeted phishing attempt via WhatsApp containing their specific booking details, indicating that attackers are actively using the pilfered information to conduct social engineering attacks.
Company Response and Containment
Booking.com spokesperson Courtney Camp stated that the firm identified “suspicious activity” involving unauthorized access to guest information. In response, the company claims it has taken measures to contain the intrusion, including resetting PIN numbers for the impacted reservations.
Despite the containment efforts, Booking.com has remained opaque regarding the scale of the incident. The company declined to disclose the total number of customers affected by the breach. However, they did clarify to The Guardian that no financial or payment information was accessed during this event. A subsequent update confirmed that physical addresses were also excluded from the compromised data set.
A History of Security Challenges
This incident follows a pattern of digital security hurdles for the platform. In 2024, reports surfaced regarding hackers utilizing stalkerware to compromise hotel administration portals. In one documented instance, a victim’s Booking.com administrative dashboard was captured via screenshot by malicious software, highlighting the risks inherent in the hospitality industry’s digital ecosystem.
Given that Booking.com has facilitated billions of reservations since 2010, the platform remains a high-value target for cybercriminals. Customers are advised to remain vigilant against suspicious messages or unsolicited communications referencing their travel plans.