If you’ve got a trip booked through Booking.com, it’s worth paying extra attention right now 👀
The travel platform has confirmed a data breach after unauthorised parties gained access to some customers’ booking information. The good news? Payment and card details don’t appear to have been compromised. The bad news? The stolen information could still be enough for scammers to send very convincing fake messages.
According to current reports, the breach affected reservation data rather than full customer accounts, although Booking.com still hasn’t confirmed exactly how many bookings were impacted.
So, what exactly happened?
Booking.com says it detected suspicious activity involving some reservations and has since contacted affected travellers directly. Reservation PINs linked to impacted bookings have also been reset as a precaution.
Since then, several travellers have reported receiving highly convincing phishing messages via email and WhatsApp, often containing real booking details, hotel names and travel dates. In some cases, scammers have pretended to be hotels or Booking.com support staff and asked travellers to “verify” payment details or complete additional security checks.
What information may have been exposed?
Reports suggest the following details could have been accessed:
• Names
• Email addresses
• Phone numbers
• Reservation details
• Messages shared with accommodation providers through Booking.com
There’s still some mixed reporting around home addresses. Some outlets say postal addresses may have been exposed, while others report they were not affected.
One thing that does seem clear: Booking.com says payment and credit card information was not accessed in the breach.
Why this matters ⚠️
The biggest risk right now isn’t someone logging into your account; it’s scammers using real travel information to trick people into handing over payment details.
If someone already knows your hotel, booking dates and contact information, it becomes much easier to send messages that look genuine. That’s why cybersecurity experts are warning travellers to be especially cautious over the next few weeks.
What should you do now?
If you currently have a Booking.com reservation, here are the main things to keep in mind:
• Never share card or payment details via email, WhatsApp, text or phone call
• Double-check any payment requests directly in the official Booking.com app or website
• Don’t click suspicious links sent by message or email
• If in doubt, contact your accommodation using contact details you find yourself — not the ones included in the message
• Keep an eye out for unusual bank activity or failed payment attempts
• Check your inbox for any official notifications from Booking.com about your reservation
The bottom line? This breach is particularly worrying because the leaked information is exactly the kind scammers can use to make fake messages look incredibly real.
So if you’ve got a Booking.com trip coming up, maybe treat every unexpected payment request with a healthy dose of scepticism for now.
