Booking.com data leak sparks scam wave
Booking.com reported unauthorised access to some guests’ booking information, and follow‑on phishing, calls and WhatsApp scams have been reported by affected users. Coverage suggests attackers are using leaked travel details to craft convincing social‑engineering messages (cybernews.com) (timesofindia.indiatimes.com).
Booking.com said hackers may have accessed some customers’ reservation data, and affected travelers are now reporting scam emails, calls and WhatsApp messages tied to real bookings. (techcrunch.com) In emails sent to affected users, Booking.com said the exposed information could include booking details, names, email addresses, phone numbers and information shared with a property. The company said it reset reservation Personal Identification Number codes after detecting suspicious activity. (abc.net.au) (forbes.com) Booking.com told BleepingComputer that unauthorized access affected booking information associated with some reservations. Personal Computer Magazine reported the company also said no customers’ physical home addresses were accessed. (bleepingcomputer.com) (pcmag.com) The scam pattern is simple: criminals use real trip details to make fake messages look routine. Cybernews and Personal Computer Magazine both reported travelers describing WhatsApp messages and other contacts that referenced upcoming stays and pushed them to pay or verify details. (cybernews.com) (pcmag.com) That tactic fits a longer problem around Booking.com’s hotel network. In 2023, BleepingComputer reported attackers breaking into hotel and travel systems and redirecting guests to fake Booking.com payment pages to steal card data. (bleepingcomputer.com) In March 2025, Microsoft-linked reporting described a campaign targeting hospitality workers with fake Booking.com emails designed to steal logins or install malware. The Record said Microsoft tied that activity to a group it calls Storm-1865, which had used Booking.com lures against hotel guests in 2023. (therecord.media) Booking.com’s own partner guidance says accommodation partners hold guest names, addresses, credit card details and phone numbers inside the company’s Extranet system, and warns that phishing emails often mimic Booking.com login pages to steal credentials. (partner.booking.com) The company says travelers should rely on its trust and safety tools and stay alert for suspicious contact, while security coverage around this incident has focused on one immediate risk: a scammer who already knows where you are staying and when. (booking.com) (cybernews.com)
