Booking.com Says Hackers Accessed User Information

Booking.com has notified some customers that hackers may have accessed information associated with their travel reservations.

In notifications shared online by users, the Amsterdam-based online travel platform said an unauthorized third party may have accessed information such as names, email addresses, phone numbers, and details users shared with accommodations.

Contacted by SecurityWeek, Booking.com clarified that customer accounts have not been breached. 

The company said it detected some “suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information”.

However, it has not provided any clarification on the incident, and it remains unclear whether its systems have been breached or whether the attackers gained access to the data through other means.

It’s also unclear how many users are affected by this cybersecurity incident. 

“We took quick action and the issues has been fully contained,” a Booking.com spokesperson said via email. “We have updated the PIN number for these reservations and informed our customers accordingly.” 

“While no financial or payment information was accessed, we’re also reminding customers to remain vigilant to potential phishing attacks and reinforcing that Booking.com will never ask for credit card details by email, phone WhatsApp or text message, or ask them to make a bank transfer that is different from the payment details in their booking confirmation,” the spokesperson added.

Related: Sophisticated ClickFix Campaign Targeting Hospitality Sector

Related: Critical Vulnerabilities Allowed Booking.com Account Takeover

Related: Traveler Information Stolen in Eurail Data Breach