Booking.com confirms data breach exposing customer booking details to unauthorised parties
Booking.com has confirmed a data breach that exposed customer booking information, including names and contact details, to unauthorised parties, while assuring users that financial data was not compromised.
- Booking.com confirmed unauthorised access to customer booking data.
- Financial information was not compromised, according to the company.
- Users warned to remain vigilant against phishing and suspicious messages.
SINGAPORE: Booking.com has confirmed a data breach involving unauthorised access to customer booking information, raising concerns over the security of user data on one of the world’s largest travel platforms.
The company said the breach may have exposed personal details including names, email addresses, phone numbers and booking information linked to past or upcoming reservations.
In an email sent to users on 15 April 2026, the platform said it had detected “suspicious activity affecting a number of reservations”. It added that “unauthorised third parties may have been able to access certain booking information”.
According to the company, the compromised data could also include any information shared directly with accommodation providers through the platform.
However, Booking.com stated that financial information was not accessed from its systems.
Response and containment measures
The company said it had “immediately took action to contain the issue” upon discovering the breach.
It has since issued new PINs to affected users with reservations and advised customers to strengthen their security measures, including installing antivirus software to guard against phishing attempts.
Booking.com emphasised that protecting customer data remains its “utmost priority” and said it would continue to enhance its existing security systems.
Users were also warned to be cautious of unsolicited communications. The platform reiterated that it would never request credit card details via email, text messages or messaging applications such as WhatsApp.
User concerns and reported incidents
The breach confirmation follows recent online discussions where users reported receiving official emails warning of unauthorised access to their booking data.
Some users described experiences involving phishing attempts, suspicious messages and exposure of personal details such as names and contact information.
While earlier reports were reportedly downplayed, a growing number of users now believe the issue may be more widespread.
Serious security breach - confirmed by booking.com
by u/Ill-Back7936 in Bookingcom
Previous scam activity linked to bookings
Booking.com users have previously been targeted by scammers posing as hotel representatives connected to legitimate bookings.
These scams often involve fraudsters contacting customers to obtain personal or banking details under the guise of resolving reservation issues.
Authorities and the platform have repeatedly advised customers to avoid clicking on external links and to verify communications directly through official channels.
Booking.com operates globally, with more than 30 million accommodation listings across nearly every country and territory, making the potential scale of the incident a concern for travellers worldwide.
