Booking.com Data Breach: Unauthorised Access to Guest Data Triggers WhatsApp Phishing Scams, Confirms Company

Booking.com has confirmed a data breach involving unauthorised access to customer names, contact details, and reservation information. While the company maintains that no financial data was compromised, it has reset reservation PINs and notified affected guests to mitigate the risk.

Kalpesh Sharma
Booking.com Logo (Photo Credits: Official Website)

Booking.com, the global travel reservation giant, has confirmed a cybersecurity breach where unauthorised third parties gained access to sensitive customer information. The company began notifying affected users over the weekend after detecting "suspicious activity" within its systems. According to company statements and notifications sent to guests, the breach involved personal data linked to specific reservations, prompting an immediate security response to contain the exposure.

While Booking.com has moved to secure affected accounts, the incident has already triggered reports of follow-on phishing attacks. Several users have reported receiving highly targeted scam messages via WhatsApp and email that leverage the stolen reservation details to appear legitimate. Salesforce Layoffs Update: 4,000 Role Shift Part of 2025 Redeployment Strategy, Not Job Cuts, Amid ‘Agentforce’ AI Push.

Scope of the Compromised Information

The unauthorised access involved a variety of personal and travel-related data points. According to the notifications sent to impacted customers, the exposed information may include:

  • Full names and email addresses

  • Phone numbers and physical addresses

  • Specific reservation dates and booking references

  • Internal communications shared between the guest and the accommodation provider

Booking.com clarified in a statement to The Guardian and other news outlets that "financial information was not accessed" during this incident. This suggests that credit card numbers and bank details remain secure, though the personal data stolen is often sufficient for sophisticated social engineering and identity theft.

Immediate Security Measures and Response

Upon discovering the breach, Booking.com took steps to contain the unauthorised access and protect guest accounts. The company has forcibly reset the PIN numbers for all affected reservations to prevent hackers from further manipulating or viewing booking details through the platform’s administrative portals.

A spokesperson for the company, Courtney Camp, stated that the travel giant "took action to contain the issue" immediately after identifying the suspicious activity. However, the company has declined to specify exactly how many of its users were affected by the breach or the specific technical vulnerability that allowed the hackers to gain entry.

Rising Threats of "Highly Tailored" Phishing

Security experts have warned that even without financial data, the stolen reservation information is a valuable asset for cybercriminals. By knowing a guest's name, hotel, and travel dates, scammers can craft convincing messages that trick users into clicking malicious links or providing payment details under the guise of "verifying" a booking.

Reports on platforms like Reddit indicate that some victims were contacted via WhatsApp shortly after the breach was detected. These messages often included accurate booking details, making the phishing attempts difficult to distinguish from official communications. Booking.com has urged users to remain vigilant and reminded customers that it will never ask for sensitive bank information or transfers via phone or messaging apps.

Historical Context and Industry Vulnerabilities

This incident is the latest in a series of cybersecurity challenges for the Amsterdam-based platform. In 2024, researchers found that several hotel computers had been infected with spyware that allowed attackers to take screenshots of the Booking.com administration portal. Additionally, the company was fined EUR 475,000 by Dutch regulators in 2021 for failing to report a previous data breach within the legally required timeframe. Zoho Layoffs Denial: Firm Dismisses Reports of 300 Job Cuts, Issues Clarification.

The recurring nature of these attacks highlights a broader vulnerability in the travel and hospitality sector, where platforms act as intermediaries between millions of guests and thousands of third-party property managers. These interconnected systems provide multiple points of entry for hackers seeking to exploit the vast amounts of personal data generated by global travel.

TruLY Score by LatestLY
Rating:3

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5 this article has scored 3 on LatestLY, this article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (TechCrunch), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations

(The above story first appeared on LatestLY on Apr 15, 2026 11:16 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).

Share Now

Tags

Booking.com breach Booking.com Data Breach customer data leak cyber fraud Cyber Threat Cyberattack cybersecurity cybersecurity incident data breach data privacy Data Theft identity theft Online Security Phishing Attacks reservation data scam alert WhatsApp Scam
Follow us on News

You Might Also Like

Fake Windows Update: Sophisticated Malware Campaign Disguised As Windows 11 24H2 Steals Passwords and Financial Data

OpenAI GPT-5.4-Cyber Model Launched to Enhance Defensive Security Work Following Anthropic’s Mythos Launch

Rockstar Games Data Breach 2026: GTA Developer Hit Again by ShinyHunters Hackers, Company Downplays Impact

Digital Arrest Fraud: CBI Files Chargesheet Against Siliguri Resident for Cheating Delhi Senior Citizen of INR 23 Crore via Fake Video Calls

Latest NEWS

TRENDING NEWS

Share Now

Categories