Booking.com confirms hackers accessed customers’ data

April 13, 2026
aisecuritybusinesslaw
Courier uses smartphone to confirm delivery in urban setting.
Photo by Artem Podrez on Pexels

What Booking.com confirmed

Booking.com acknowledged Monday that unauthorized parties may have accessed customers’ booking information, including names, emails, physical addresses, phone numbers and reservation details. The company told customers in a notification — “We’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation,” a user posted online. It has been reported that the notice also said the attackers could have seen “anything that you may have shared with the accommodation.”

Customers report targeted phishing

It has been reported that several customers saw the notification on Reddit, and one user told TechCrunch they received a phishing message via WhatsApp containing their booking details and personal information. That pattern suggests the breach is already being weaponized for targeted scams — not just a headline, but a raw privacy hit for people who thought their trip was private. Allegedly, hacked data is being used to make phishing messages more convincing.

Company response and limits

Booking.com said it detected suspicious activity, acted to contain the issue and has updated PIN numbers for affected reservations; the company also notified guests. Spokesperson Courtney Camp confirmed the containment steps but declined to say how many customers were affected or notified. The company told The Guardian that financial information was not accessed. For scale: Booking.com’s site notes some 6.8 billion bookings since 2010 — a reminder of how many people’s data sits behind a single login.

Why this matters

Travel data is intimate in a mundane way: names, addresses, where you stayed, who you visited. That’s a lot of fodder for fraudsters. Remember the 2024 stalkerware cases that hit hotels and Booking.com portals? This feels like a sequel nobody asked for. So what now? Watch for suspicious messages, check your reservations, and ask the company for specifics — customers deserve clarity, not radio silence.

Sources: techcrunch