Booking.com Confirms Data Breach, Warns of Phishing Risks

Booking.com, a global leader in accommodation bookings, has confirmed a security incident. Unauthorized third parties may have accessed sensitive customer information, raising concerns among travelers worldwide. The company stated that the breach could involve names, email addresses, phone numbers, and booking specifics, though it emphasized that financial data was not compromised.

“

We inform you that unauthorized third parties may have had access to certain booking information related to your booking.

While the full extent of the breach remains unclear, the sheer scale of Booking.com's operations—over 6.8 billion bookings since 2010 and connections to over 30 million properties—underscores the potential impact. The incident highlights the sophisticated methods employed by attackers, who can leverage seemingly legitimate booking data to craft convincing phishing attempts.

“

We noticed suspicious activity involving unauthorized third parties accessing the booking information of some of our customers.

In response, Booking.com has taken immediate action, including limiting the breach and notifying affected customers. The company has also reset PINs for relevant bookings. To further protect users, Booking.com advises caution regarding external links, especially those received via WhatsApp or SMS, and recommends verifying any requests for card details directly with the accommodation through official channels or the Booking.com app.

“

Once we identified the incident, we took steps to contain it. We have notified our customers and changed the PINs of the relevant bookings.