One of the most popular lodging reservation platforms, Booking.com, on Monday confirmed that unauthorized parties may have accessed its customer booking information. The exposed data could include names, email addresses, phone numbers, reservation details, and “anything that you may have shared with the accommodation.”
“We’re writing to inform you that unauthorised third parties may have been able to access certain booking information associated with your reservation,” read a notification sent to affected customers.
While the company has not revealed how many people were impacted, the scale of the platform raises the urgency. According to Booking.com, more than 6.8 billion reservations have been made through the service since 2010, connecting travellers with over 30 million accommodation listings worldwide.
What could be more dangerous than the breach itself is how attackers use the information afterwards.
One user of their platform who shared their experience on Reddit said, "I received the same message. I’m currently on my honeymoon and have been using Booking.com for all my hotel reservations. I only have one stay left to complete the trip, and I’ve already received the PIN code. I hope everything is fine and that we won’t have any issues with our last hotel. Just to be safe, I’m not replying to any emails or clicking on any links.”
With real reservation data in hand, scammers can craft messages that appear convincingly legitimate, posing as hotel staff, support agents, or even the platform itself. Booking.com acknowledged the suspicious activity and says it acted quickly once it was detected.
“We noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information,” company spokesperson Courtney Camp said to TechCrunch. “Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.”
The company added that financial information was not accessed.
How to Protect Your Account
Booking.com has already taken the step of resetting PIN numbers for impacted reservations. If you have an upcoming trip, here is how to verify your status safely:
Check for the "System PIN" Reset: If you received an email from Booking.com stating your PIN has been updated, your data may have been viewed.
Ignore External Links: Never click on payment links sent via WhatsApp or SMS. Authentic Booking.com transactions should happen exclusively through their secure checkout page.
Verify via the App: If a hotel asks for card details in a chat, close the app and call the hotel directly using a verified number from Google Maps or their official website.
Monitor for Identity Theft: With your phone number and address now in the wild, be wary of increased spam calls or "SIM swap" attempts.
Emmanuel Umahi
