Warning issued after Booking.com data breach

Newsletters sign up

Stay informed with the
latest news and analysis

Booking.com has declined to say how many people a data hack has affected.

The company said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information”.

Booking.com added: “Upon discovering the activity, we took action to contain the issue.

“We have updated the pin number for these reservations and informed our guests.”

A spokesperson was reported as saying that “financial information was not accessed”.

The spokesperson said: "At Booking.com, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information.

"Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.

An email from the company to affected customers reported by the Guardian said the hackers may have been able to access “certain booking information” associated with a previous reservation the customer made.

“Based on the findings of our investigation to date, accessed information could include booking details and names, emails, addresses, phone numbers associated with the booking and anything that you may have shared with the accommodation,” it said.

Adrianus Warmenhoven, cybersecurity expert at NordVPN, said: “Even when payment details are not taken, this kind of breach can still create a serious security risk for travellers.

“Booking confirmations, contact details, holiday dates, and notes shared with a property can give cybercriminals enough to scam you.

“All of these can be used to build highly convincing phishing emails, fake customer support calls, or messages that look like legitimate follow-ups about a trip.

“Following this breach, the current danger is the second wave of scams. Once criminals know where you’re staying, when you’re travelling, and how to reach you, it becomes much easier to pressure people into clicking malicious links, handing over card details, or sharing even more personal information under the guise of a reservation issue.

“Anyone who thinks they may be affected should be especially cautious of urgent messages claiming to be from Booking.com, a hotel, or a payment provider.

"Don’t click through from emails or texts. Go directly to the official app or website, verify any request with the accommodation provider through a trusted contact channel, change your Booking.com password if reused elsewhere, and enable two-factor authentication wherever possible.

“It is likely that Booking will be following up with those who are affected, but it’s important to double-check who the sender is.

“Look at their email address to make sure it is legitimate and consider using a link checker before clicking anything that could infect your devices with malware.”