Booking.com acknowledged on Monday that hackers may have accessed personal data such as customers’ names, email addresses, phone numbers and reservation details. The global travel and hotel reservations giant notified customers about the breach last week, according to multiple online posts.
“We would like to inform you that an unauthorized third party may have been able to access certain reservation information related to your reservation,” the notice to customers read, according to one user’s Reddit post. Several other Reddit users who responded to the post said they also received the same notification. The message from the company included the types of compromised data mentioned above, as well as “anything you may have shared with the property.”
The user who posted the notification on Reddit told TechCrunch that he received a phishing message via WhatsApp two weeks ago containing “reservation details and personal information.” This suggests that hackers are using stolen information to target Booking.com customers.
Booking.com spokesperson Courtney Camp told TechCrunch that the company “became aware of suspicious activity that allowed an unauthorized third party to access some of our guests’ reservation information. After discovering this activity, we took steps to contain the issue. We updated the PIN numbers on these reservations and notified guests.”
A spokesperson declined to answer TechCrunch’s specific questions, including how many customers were affected by the incident and subsequently notified.
The company told the Guardian: “No financial information has been accessed.”
In 2024, TechCrunch reported that hackers infected multiple hotel computers with consumer spyware, or stalkerware. In one case, the victim was logged into the Booking.com administrative portal when the pcTattletale stalkerware took a screenshot of the screen.
tech crunch event
San Francisco, California
|
October 13-15, 2026
According to the company’s website, 6.8 billion customers have booked hotel rooms and homes since 2010.
Updated comment from a Booking.com spokesperson to note that physical addresses were not obtained in the breach.
Source link
