Booking.com said hackers accessed some users’ booking information tied to reservations, forcing the travel site to reset PINs for existing and past bookings and notify affected users by email.
KEY FACTS
- Data exposed Full names, email addresses, postal addresses, phone numbers and communications with property providers.
- Response The company reset reservation PINs and sent alerts to impacted users.
- User concern Some recipients did not see matching alerts in the Booking.com app.
- Scope The company did not say how many users were affected.
Users over the weekend reported emails from the official [email protected] address warning of a cybersecurity incident. The messages said unauthorized parties may have accessed certain booking information and included an updated PIN for a reservation number.
The notification also warned users to watch for suspicious emails and calls, and said the service will never ask for sensitive information or bank transfers. It also advised users not to click links in emails that appear to come from the booked property or the company itself.
Booking.com said it noticed suspicious activity involving unauthorized third parties and took action to contain the issue. The company said it updated PIN numbers for the reservations and informed guests.
Some Reddit users also said they were being targeted by scammers who appeared to know private reservation details. It is not clear whether those reports are tied to the same disclosure.
WHY IT MATTERS
The incident could help attackers craft convincing phishing or social engineering messages using reservation details. Travelers who received notices should treat unexpected requests for payment or sensitive information with caution.