Booking.com Notifies Customers of Data Breach and Targeted Phishing Campaign
Booking.com notified a segment of its user base of a security breach involving unauthorized access to reservation data.
The exact root cause remains under investigation, but the breach appears linked to the compromise of partner property accounts or management interfaces, which attackers then used to launch targeted social engineering attacks.
Attackers used legitimate booking context to conduct highly convincing phishing operations. They have reportedly contacted travelers via phone, SMS, and WhatsApp, impersonating Booking.com customer service agents to request credit card details or bank transfers. By using specific reservation details obtained during the breach, the threat actors bypass standard skepticism, leading to unauthorized financial transactions and account fraud.
The compromised data includes:
- Full names
- Email addresses
- Home addresses
- Phone numbers
- Booking details and reservation history
- Correspondence shared with accommodation properties
The number of affected individuals has not been disclosed. Booking.com has not confirmed a direct theft of its central credit card databases, but the company acknowledged that any information shared directly with properties through the platform's messaging system may have been exposed. Individual users have reported losses from subsequent fraudulent activity.
Booking.com claims it took steps to contain the unauthorized activity and secure affected accounts. The company has reset reservation PINs for impacted users to prevent further unauthorized access to booking management tools. Affected customers received email notifications advising them to ignore payment requests made outside of the official platform and recommending the use of antivirus software to defend against malware-driven phishing attempts.