Booking.com Warns Customers of Data Breach, Phishing Attempts Follow

Booking.com has confirmed that hackers gained access to customer information. The travel booking platform began notifying affected users last week after detecting unauthorized access to reservation data.

According to customer notifications shared online, the compromised information includes names, email addresses, phone numbers, and specific booking details. One customer posted the company's message to Reddit, which stated that "anything that you may have shared with the accommodation" could also be exposed. Several other users confirmed receiving identical alerts.

The stolen data appears to be actively used for attacks. One customer told TechCrunch they received a targeted phishing message on WhatsApp just two weeks ago, which contained accurate personal and booking information.

In a statement, Booking.com spokesperson Courtney Camp said the company "noticed some suspicious activity" and took action to contain it, including updating reservation PINs and informing guests. The company declined to specify how many customers were impacted but told The Guardian that no financial data was accessed. It later clarified that physical addresses were also not taken.

This incident follows a TechCrunch report earlier this year detailing how hackers used spyware to infect hotel computers, in one case capturing a Booking.com admin portal login. With over 6.8 billion room bookings since 2010, the scale of the platform makes any breach a significant event. Customers are advised to be wary of suspicious messages referencing their travel plans.