Booking.com has confirmed a data breach that exposed customer data linked to reservations made through the platform. The company has not disclosed the number of customers affected by the breach.
In response to the incident, Booking.com has forced PIN resets for current and past reservations. Affected users will receive an email detailing the compromised data, which includes full names, email and postal addresses, phone numbers, and communications from hospitality providers.
Confusion arose among some users due to the lack of notifications sent through the Booking.com app, leading them to question the legitimacy of the emailed notifications. A representative from Booking.com confirmed to BleepingComputer that unauthorized third parties accessed some guests’ booking information.
According to Booking.com, the platform lists over “30 million accommodations” and serves hundreds of millions of customers, indicating that the breach could potentially impact millions. It remains uncertain if Booking.com will offer identity theft protection services to affected customers, which is common practice after data breaches.
Users are advised to be vigilant about potential phishing emails and to safeguard their devices with antivirus software. Customers who have not received an email about the breach are encouraged to check their spam folders and remain cautious about email legitimacy.
Sage Hunter of Booking.com stated, “At Booking.com, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.”
Booking.com recommends that impacted users monitor their emails and be attentive to communication about the breach, which may include notifications sent through other channels in the near future.
