Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter
user icon Login
Become a free member

Booking.com confirms cyber incident, customer reservation data potentially compromised

Hotel and accommodation booking site Booking.com has begun notifying its customers of a cyber incident, confirming that hackers may have gained access to reservation data.

author profile
Daniel Croft
Tue, 14 Apr 2026 Security
Booking.com confirms cyber incident, customer reservation data potentially compromised

In a notification sent to customers, the site said that it had noticed third-party access that impacted reservations.

“We recently noticed suspicious activity affecting a number of reservations and we immediately took action to contain the issue,” the notice reads.

You’re out of free articles for this month

“Based on the findings of our investigation to date, accessed information could include booking details and name(s), emails, addresses, phone numbers associated with the booking and anything that you may have shared with the accommodation.”

 
 

Based on the notice email posted on reddit, the notices appear to have been addressed from the hotels the customer reservations were with. However, the user that posted the statement says that this appears to be an issue with Booking.com as a whole.

“I reported a security breach 15 days ago, and they claimed everything was fine on their end,” the user said.

“Apparently, they are now sending automated emails to many customers, which clearly shows this is not an issue with just one hotel, but likely something related to their booking management app or security systems.

“Given how weak their security appears to be, I’m not surprised. Make sure you understand the risks before booking with Booking.com.”

Booking.com has not clarified whether or not its systems were breached, nor how many people were impacted by the incident.

However, it did confirm that no financial data was accessed in a statement to SecurityWeek.

“We took quick action and the issues has [sic] been fully contained,” a Booking.com spokesperson said.

“We have updated the PIN number for these reservations and informed our customers accordingly.”

“While no financial or payment information was accessed, we’re also reminding customers to remain vigilant to potential phishing attacks and reinforcing that Booking.com will never ask for credit card details by email, phone WhatsApp or text message, or ask them to make a bank transfer that is different from the payment details in their booking confirmation.”

Speaking with Cyber Daily, former FBI agent and Chief Information Security Officer (CISO) at Arctic Wolf Adam Marré said that this is an example of threat actors replicating legitimate activity and using social engineering rather than relying on breaking systems.

"What we’re seeing here is how incidents like this can quickly evolve beyond the initial breach. When attackers have access to real booking data, any follow-on messages or activity don’t feel suspicious. They line up with an actual trip or reservation, which makes people far more likely to trust them. It’s a pattern we’re seeing more often, where attackers focus on making their activity look legitimate and catching people at the right moment," he said.
"This type of social engineering is becoming more common, especially when paired with more technically sophisticated attacks. Cyber criminals count on flaws in human nature for success, and adding real-world context like this only increases their chances.
"The challenge is that this doesn’t rely on breaking systems in obvious ways. It relies on exploiting normal communication flows. In sectors like travel, where there are multiple handoffs between platforms, partners and customers, that creates more opportunities for attackers to step in.
"For consumers, it’s worth pausing before clicking on any unexpected messages, even if they reference a real booking, and going back to the platform directly to double check. For organisations, it’s a reminder to keep tightening the basics, from identity controls to visibility across partner systems, so this kind of activity is picked up earlier."
Updated 14/04/2026: Added commentary from Adam Marré, Arctic Wolf.
Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
Tags:

You have0 free articles left this month.
Register for a free account to access unlimited free content.
You have 0 free articles left this month.