Overview
- Booking.com notified customers on Monday that unauthorized parties accessed some reservation-linked data, including names, contact details, booking info, and messages shared with properties.
- Company statements say the incident is contained, reservation PINs were reset for affected bookings, customer accounts were not breached, and no financial or payment data was taken.
- Users have reported phishing and WhatsApp messages that cite real booking details, and Booking.com warns it will never ask for credit card information by email, phone, text, or WhatsApp or request bank transfers outside normal policy.
- Booking.com has not disclosed how many people were affected or how the data was accessed, leaving open whether attackers reached the data through its own systems or via partner and hotel accounts.
- Security outlets note that travel platforms have faced repeated supply‑chain and hotel account compromises, including a 2021 case that led to a Dutch regulator fine, which makes reservation details especially useful for convincing scams.