Booking.com data breach

Booking.com confirmed a breach where attackers accessed customer personal details — names, emails, phone numbers and reservation information — raising immediate phishing and fraud concerns. The company’s disclosure prompted warnings about follow‑on social‑engineering risks tied to exposed booking data. (x.com)

Booking.com said attackers accessed some customers’ reservation data and contact details, then warned those travelers to watch for scam messages and calls. (techcrunch.com)

The company told affected users that unauthorized parties may have viewed names, email addresses, phone numbers and booking details tied to specific reservations. Booking.com said it changed reservation PIN codes after detecting the activity. (bleepingcomputer.com)

Booking.com said it took action to contain the incident and began emailing customers over the weekend of April 11-12, 2026. Several reports published on April 13 and April 14 said the company had not disclosed how many people were affected. (skift.com)

A reservation breach creates a different risk than a password leak. If a criminal knows your hotel, dates, phone number and the messages tied to that trip, a fake payment demand can look like part of a real booking. (techrepublic.com)

Booking.com has spent the past two years warning travelers and hotel partners about travel scams that push guests off the platform or demand urgent bank transfers. In its own safety guidance, the company says travelers should stop if a property asks for payment on a third-party channel or says money must be sent within 24 hours to avoid cancellation. (news.booking.com)

That backdrop helps explain the immediate concern around this breach. Cybernews reported on April 14 that customers were already describing fake emails and WhatsApp messages that appeared to match real upcoming trips. (cybernews.com)

The company has said payment card information was not exposed in the incident, according to multiple reports citing Booking.com’s notices to users. The data at issue was reservation information and contact details, not full customer accounts. (shorttermrentalz.com)

Booking.com operates in more than 220 countries and territories through Booking Holdings’ travel brands, which gives attackers a large pool of travelers and properties to target with impersonation scams. Booking.com said in partner guidance that it blocked more than three million fraudulent accounts from creating reservations in 2024. (ir.bookingholdings.com) (partner.booking.com)

For travelers with a Booking.com reservation, the practical change is simple: treat any new payment request, PIN change notice or message pushing you to move off-platform as suspicious until Booking.com or the property confirms it through an official channel. (booking.com)
