LONDON – Booking.com, the leading hotel reservation service with around 35Lac properties, comes under scrutiny as the personal data of tens of thousands was leaked in a cyber breach.
The platform detected suspicious activity where unauthorized parties accessed some customers’ booking data, including personal details like names, emails, and phone numbers, but not financial information. The company contained the issue, reset affected booking credentials, and notified users, while investigating the scale of the breach.
Booking.com confirmed that it detected suspicious activity linked to multiple reservations and moved quickly to contain cuyber attack. Affected customers were notified by email on Sunday, but many critical questions remain unanswered about the full scale of the incident.
The exposed data includes customers’ names, email addresses, phone numbers, physical addresses, and detailed booking information. In some cases, hackers may also have accessed additional information that users directly shared with their hotels or accommodation providers, potentially widening the scope of exposure beyond standard booking records.
The exact number of affected customers have not been revealed, and it has also not confirmed whether credit card or payment details were compromised. This lack of clarity has left users uncertain about whether their financial information is at risk.
In response, the company reset reservation PINs as a precaution and issued urgent warnings to customers. Users are being strongly advised not to share sensitive payment information through email, phone calls, or text messages. The company also cautioned that phishing attempts, designed to impersonate trusted organizations, may be used to exploit the leaked data.
The latest incident comes after hackers targted hotel accounts on Booking.com and used them to send fake payment requests through its own messaging system. That wave of fraud reportedly impacted hundreds of Dutch travelers and expanded rapidly between 2024 and 2025.
While this latest breach is separate from the earlier account takeovers, cybersecurity experts warn that the combination of exposed reservation data and previous scam activity creates a heightened risk environment. Stolen personal details could be used to craft highly convincing phishing messages, increasing the danger for travelers with active or upcoming bookings.
Mossad, Malware, and Media: How a Pakistani TV Channel Got Hacked for Psychological Warfare
