Booking.com has confirmed a cybersecurity incident that exposed a large amount of customer data after weeks of speculation. The company said unauthorized actors accessed booking-related information, including names, email addresses, phone numbers, and reservation details.
The platform detected unusual activity involving external entities and acted quickly to contain the breach.
The affected data is limited to the pieces shared at the time of booking hotels. This would include all information related to the contact number, along with other data given to hotel partners. The company has not yet clarified whether any payment information has been breached as well.
User reports indicate an increase in phishing. Multiple people have reported receiving fake emails in which someone pretended to be a hotel employee. These letters were sent by redirecting people to fake sites, allowing scammers to steal users’ financial information. The fact proves that scammers are likely using customers’ booking details.
According to a Booking.com representative, the company took steps to protect its users’ personal information as soon as it detected the data breach. PIN codes for reservations have been changed, and users have received notifications regarding the event. According to Booking.com, there is no need to worry, as the issue has been resolved.
Also Read: Best Remote Cybersecurity Careers for 2026
Security experts recommend making changes immediately after hearing the news. One should change the password and pay attention to booking details. Furthermore, any contact should be made only through official channels. Any redirects and strange letters need to be avoided.
One should carefully review one’s bank statements and financial transactions because any unusual activity should be reported immediately, even if payment details are not disclosed.