Cyber Attack on Booking.com: Users' Personal Data Exposed, but Not Financial Information
A security breach has affected Booking.com, one of the leading global platforms for travel and accommodation booking. The company has confirmed that unauthorized individuals managed to access some information related to users' bookings.
According to the information provided by the company, the incident involved personal data associated with bookings, including full names, email addresses, phone numbers, postal addresses, and details of stays. In some cases, communications between clients and accommodation facilities may have also been exposed. Booking.com specified that, at this point in the investigation, no financial information has been compromised.
The company, based in Amsterdam and with a catalog of over 30 million properties, manages hundreds of millions of bookings each year, acting as an intermediary between users and tourism service providers. The distributed nature of the model—which involves numerous third parties—presents a critical element in data security management.
In response to the incident, Booking.com has forced a reset of the PIN codes associated with the affected bookings, including some that have already been completed, and has sent email communications to potentially involved users. In the notifications, the platform advises to pay particular attention to any suspicious messages, reminding users that it will never request sensitive information or money transfers via email or phone.
The company has also recommended not to click on links contained in unverified communications, even if they appear to come from booked properties or the platform itself.
Booking.com has not provided details on the exact number of users affected by the breach, stating only that all involved customers will be informed individually. The company has activated its multilingual customer support services to handle any support requests.
Meanwhile, reports have emerged from online users indicating attempts at fraud based on seemingly accurate booking information. Currently, no direct link between these incidents and the recently reported breach has been confirmed.