Booking.com warns reservation data may have checked out with intruders

Booking.com is warning customers that reservation details may have been exposed to unknown attackers. It has been reported that the company began emailing affected users saying "unauthorized third parties" may have accessed booking information tied to their accounts — names, contact details, reservation dates and any messages exchanged with hotels. The company says financial data was not accessed, but has not disclosed how many people are affected.

How Booking.com responded (and what it won't say)

According to emails seen by reporters, Booking.com detected suspicious activity, contained the issue and reset booking PINs as a precaution. Customers were told to watch for phishing attempts. It has been reported that the company did not respond to requests for further comment and has not said whether the exposure came via a partner system, a compromised hotel account, or a direct breach of its own systems — or how long the data may have been exposed.

Why this matters — again

This is exactly the kind of data that makes phishing wildly effective: real names, booking dates and message threads that can be weaponized into convincing scams. It has been reported that the platform’s messaging system has been abused before, often after hotel accounts were compromised, and Booking.com’s past troubles are a reminder — Dutch regulators fined the company in 2021 after a supply-chain-style breach exposed customer details. Trust erodes fast; a shaken traveler is an easy mark. Not the souvenir you wanted from your last trip.

Sources: The Register