Booking.com data breach alert
Booking.com confirmed unauthorized access that exposed customer reservation details — names, emails and phone numbers are among the data types reported — and scammers are now targeting travelers with phishing calls and messages (pcmag.com). Multiple outlets are warning customers to double‑check reservations and watch for phishing attempts tied to the breach (cybernews.com).
Booking.com says hackers accessed customer reservation data and is warning affected travelers to watch for fake calls, emails, and messages about upcoming trips. (techcrunch.com) The company told customers that “unauthorized third parties” may have accessed booking information tied to their reservations, including names, email addresses, phone numbers, addresses, booking details, and messages exchanged with properties. Booking.com also changed reservation PIN codes for affected bookings after detecting the incident. (forbes.com) Booking.com disclosed the breach publicly on Monday, April 13, 2026, but has not said how many customers were affected or how the attackers got in. The company said it moved to contain the incident once it spotted the suspicious activity. (techcrunch.com) The immediate risk is not a stolen card number. It is a criminal who knows your hotel, dates, and contact details well enough to send a payment request that looks like part of a real reservation. (cybernews.com) That playbook has circulated around Booking.com bookings before. Booking.com’s own partner guidance says unauthorized access can show up as guests receiving payment requests by phone or messages that did not come from the property. (partner.booking.com) Booking.com also tells travelers that no legitimate payment or reservation change will require gift cards or credit card details by phone, text message, or email. It directs customers to use its official site and app channels for support and booking changes. (booking.com) The company runs one of the world’s largest travel marketplaces, with more than 28 million accommodation listings, which means exposed reservation data can be used across hotels, apartments, and short-term rentals in many countries. (abc.net.au) Security researchers describe this kind of fraud as reservation hijacking: scammers use real booking details to make a message feel routine, then push the traveler to pay again or hand over sensitive information. (us.norton.com) Booking.com has not reported financial data exposure in the notices described by multiple outlets, but it is telling users to treat any unexpected outreach about a booking with caution. For travelers with a live reservation, the practical check is simple: open the booking in the app or official website and confirm any payment request there before responding. (pcmag.com)
