Booking.com confirmed a security breach this week involving unauthorized access to user data associated with specific reservations. The travel giant took immediate steps to contain the incident by forcing PIN resets for both existing and past bookings.
Sage Hunter, the communications lead at Booking.com, confirmed the incident in a statement to BleepingComputer.
“At Booking.com, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information,” Hunter said.
Compromised data and user alerts
Impacted users received notifications from the official noreply@booking.com email address. The breach exposed several types of personal information, including full names, email addresses, postal addresses, and phone numbers.
Communications shared between travelers and property providers were also accessed. The company has updated the PIN numbers for the affected reservations and instructed users to be wary of suspicious communications.
While the company confirmed the breach, it did not disclose the total number of users affected. Booking.com stated that all impacted individuals would be notified individually.
Some users on Reddit reported receiving targeted scams involving private reservation details over the weekend. It is currently unclear if these specific scams are directly linked to the recent breach.
Booking.com advised users not to click any links in emails that appear to come from property providers or the company itself. The platform also noted that it will never request sensitive information or bank transfers via email.
