Hackers access Booking.com user data, company secures systems

Booking.com confirmed a security incident where unauthorized third parties accessed user data, including names, email addresses, phone numbers, and booking details. While payment information remains secure, the exposure of personally identifiable information (PII) poses significant risks for targeted phishing and social engineering attacks against affected customers. The company has contained the issue, reset reservation PINs, and notified impacted users. Although some users reported scam calls utilizing reservation details, a direct link to this breach remains unconfirmed. Technical details regarding the initial compromise vector are undisclosed. Customers are advised to remain vigilant against fraudulent communications requesting card details or transfers. This incident highlights the ongoing risk to large online travel agencies and the importance of monitoring post-breach fraud attempts. Organizations should enforce multi-factor authentication and monitor for credential stuffing attempts leveraging exposed data.

Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel agencies […]

Booking.com confirmed a security incident where unauthorized third parties accessed user data, including names, email addresses, phone numbers, and booking details. While payment information remains secure, the exposure of personally identifiable information (PII) poses significant risks for targeted phishing and social engineering attacks against affected customers. The company has contained the issue, reset reservation PINs, and notified impacted users. Although some users reported scam calls utilizing reservation details, a direct link to this breach remains unconfirmed. Technical details regarding the initial compromise vector are undisclosed. Customers are advised to remain vigilant against fraudulent communications requesting card details or transfers. This incident highlights the ongoing risk to large online travel agencies and the importance of monitoring post-breach fraud attempts. Organizations should enforce multi-factor authentication and monitor for credential stuffing attempts leveraging exposed data. Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel agencies […] Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel agencies (OTAs) and digital travel companies, specializing in accommodation bookings, including hotels, vacation rentals, and apartments. “In that spirit, we’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation.” reads the data breach notification sent to the impacted users. “We recently noticed suspicious activity affecting a number of reservations and we immediately took action to contain the issue. Based on the findings of our investigation to date, accessed information could include booking details and name(s), emails, addresses, phone numbers associated with the booking and anything that you may have shared with the accommodation.” Source Reddit In response to the incident, the company reset reservation PINs. Booking.com did not provide technical details about the attack . It is unclear whether the attackers compromised its systems. The company has not disclosed how many users were impacted, but said it has contained the incident and notified impacted customers. The company said no payment data was accessed. Customers are urged to stay alert for phishing, as the company never asks for card details or unusual transfers via email, phone, WhatsApp, or SMS. Recently, multiple users claimed online that scammers contacted them using what looked like real reservation details. It’s not yet clear whether these incidents are linked to the cyber incident disclosed by Booking.com. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, security breach)