Booking.com has confirmed a recent data breach resulting in unauthorized access to customers’ booking information. The exposed data includes names, email addresses, physical addresses, and phone numbers. The company has stated that financial information and payment details were not compromised in the attack and has initiated steps to secure affected accounts.
While no specific affected products or versions are involved—this is a cloud-based service issue—the exposed personal information and booking details create a high risk for targeted phishing campaigns. Attackers often use travel details to craft highly convincing scams aimed at extracting payment or further personal information from victims.
How to check if you’re affected
- Monitor your email: Look for official communications from Booking.com regarding the breach.
- Beware of targeted phishing: Be highly suspicious of emails, texts, or calls claiming to be from Booking.com, especially those asking for payment details, password resets, or urgent action regarding your travel plans.
- Verify directly: If you receive a suspicious message about a booking, do not click on any links. Instead, log in to your Booking.com account directly through their official app or website to check the status of your reservations.