Booking.com has sent an email to some customers warning “unauthorised third parties” may have accessed names, emails, addresses and phone numbers.
It is not known how many people have been affected, nor whether credit card details have been compromised.
Customers have been told not to share credit card details by email, over the phone, through text or WhatsApp.
Booking.com has warned a number of its customers that their personal information may have been accessed by unauthorised third parties, raising fresh concerns over the security of traveller data. The incident comes as the global travel platform continues to handle millions of bookings across its network of more than 28 million accommodation listings worldwide.
In an email sent to affected users, Booking.com stated that the exposed information could include booking details, names, email addresses, phone numbers, physical addresses, and any additional information shared with accommodation providers. The company said it detected suspicious activity impacting certain reservations and acted quickly to contain the issue.
The company emphasised that protecting customer data remains a top priority and confirmed that immediate steps were taken to secure affected accounts. As part of its response, Booking.com reset reservation PIN codes to prevent further unauthorised access and reduce the risk of misuse.
While the breach has raised alarm among users, Booking.com clarified in an official statement that no financial information, such as credit card details, was accessed from its systems. However, the company has not disclosed how many customers were impacted by the incident.
Customers have been advised to remain vigilant against potential phishing attempts, where cybercriminals impersonate legitimate organisations to extract sensitive information. Booking.com recommended installing antivirus software and being cautious of suspicious emails, phone calls, or messages requesting personal or financial details.
The warning follows a noticeable increase in scams targeting Booking.com users. One such case involved Steve Atkin from Port Macquarie, who reported being contacted by an individual posing as a Booking.com representative. The caller referenced his recent booking and refund request, creating a convincing scenario that led to a fraudulent transaction.
Atkin said the impersonator requested his card details, which he refused to provide. Despite this, he later discovered that $100 had been deducted from his account. Upon contacting Booking.com, he was informed that the individual was not affiliated with the company. He eventually received a refund for both the fraudulent charge and his accommodation, though he described the experience as “a very painful process.”
The incident highlights how cybercriminals are increasingly leveraging booking data and social engineering tactics to target travellers. By exploiting reservation details and posing as trusted service providers, attackers are able to create highly convincing scams that can bypass basic security awareness.
Booking.com reiterated that it never requests credit card information over phone calls, text messages, or messaging platforms such as WhatsApp, nor does it ask customers to make payments outside the official booking process.
The company continues to strengthen its security measures as it investigates the incident, but the breach underscores broader concerns about data exposure within highly interconnected digital travel ecosystems. As online travel platforms remain a prime target for cybercriminals, both companies and customers are being urged to adopt stronger security practices to safeguard sensitive information.
Recommended Cyber Technology News :
- Government Data Breach Linked to AI-Based Cyberattack
- Signature Healthcare Cyberattack Diverts Ambulances
- Rockstar Games Hit by Ransom Demand in Data Breach
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
