Booking.com has confirmed that hackers may have accessed personal data of its customers, including names, email addresses, phone numbers, and booking details. The company notified users last week about a potential data breach, which sparked widespread reports online.
The customer alert stated that ”unauthorized third parties might have accessed certain booking-related information.” Users also reported that the breach could have exposed any data shared with accommodation providers during their bookings.
One user revealed receiving a phishing message via WhatsApp two weeks before the official notification. This message contained specific booking information and personal details, suggesting attackers are actively exploiting stolen Booking.com customer data to target users with tailored scams.
Booking.com spokesperson Courtney Kemp said the company detected ”suspicious activity involving unauthorized access to booking data” and promptly responded by updating PIN codes for affected reservations and informing users.
The company has not disclosed the exact number of impacted customers but emphasized that sensitive financial details were not compromised, nor were users’ physical addresses exposed.
Earlier this year, incidents involving spyware infection on hotel computers raised concerns about Booking.com user data security. In one case, malware captured screenshots while staff accessed the service’s admin panel, potentially exposing additional user information.
Since 2010, Booking.com reports facilitating approximately 6.8 billion bookings through its platform, making any large-scale data breach particularly significant given the vast volume of users worldwide.
For global travelers and online booking platforms alike, this breach highlights the growing sophistication of cybercriminals in targeting personal data and exploiting travel services for phishing schemes. It raises urgent questions about how online travel agencies can strengthen cybersecurity measures to protect an increasingly digital customer base.