Booking.com Was Hacked: What Travelers Need to Know

What Happened?

Booking.com confirmed that hackers accessed customer data tied to travel reservations. The company said it noticed suspicious activity involving unauthorized third parties and took steps to contain the issue after discovering it. Reservation PINs have since been reset for affected bookings.

The breach is the latest in a pattern of cybercrime targeting the platform, which lists more than 30 million accommodation venues worldwide and connects millions of travelers with hotels, rentals, and experiences every year.

What Information Was Accessed?

Booking.com has not disclosed how many customers were affected, but the data exposed in the breach could include:

• Full names

• Email addresses

• Phone numbers

• Physical addresses

• Booking details and reservation information

• Anything you shared directly with the accommodation

The company confirmed that financial information was not accessed, meaning credit card numbers and payment data appear to be safe. That said, the personal details that were exposed are more than enough for scammers to work with.

What Should You Do Right Now?

If you have an active or recent reservation on Booking.com, treat any incoming messages about it with extra caution. There are already reports of hackers using stolen reservation details to send phishing messages via WhatsApp, with at least one affected user reporting they received a suspicious message containing accurate booking information two weeks before Booking.com issued its notification.

A few practical steps worth taking now:

• Be skeptical of any message asking you to verify payment details or re-enter card information before a trip

• Booking.com says it will never ask for card details or unusual transfers via email, phone, WhatsApp, or SMS

• If you receive a message that looks like it's from Booking.com or your accommodation, go directly to the app or website to verify rather than clicking any links

• Check your email for a notification from Booking.com directly — if you were affected, the company says it has informed impacted customers

Is This the First Time Booking.com Has Been Hacked?

Not exactly. Back in 2018, scammers used phishing tactics to get login credentials from hotel staff in the UAE, which gave them access to the booking details of more than 4,000 customers. The company didn’t report the breach right away and was later fined €475,000 (about $515,000 USD) by Dutch regulators.

More recently, the problem hasn’t been a single large breach so much as a steady rise in scams. Travelers have been contacted by fraudsters posing as hotels or customer support, asking for payment details to “verify” or pre-authorize bookings. What makes this current situation more concerning is that it seems to be feeding directly into that pattern. Scammers are now using real reservation details, which makes the messages feel legitimate at first glance and a lot harder to spot.

Should You Still Use Booking.com?

That’s a fair question. Booking.com is still one of the largest and most widely used booking platforms in the world, and there’s no indication that payment information was exposed in this case. But the pattern here is worth paying attention to, especially as scams get more sophisticated.

For now, it’s not about avoiding the platform altogether. It’s about how you use it. If you have an active reservation, keep using the app or official website to check details and communicate with your property. But treat any unsolicited messages about your booking, especially those asking for payment or verification, with a healthy dose of skepticism.

This is one of those moments where a little awareness goes a long way. Booking.com is still widely used and, for many trips, still the easiest way to book. But the way scams are evolving means travelers need to be just a bit more deliberate. Trust the information inside your account, not what shows up in your inbox or on WhatsApp. If something doesn’t feel right, pause and check it directly. Travel planning hasn’t suddenly become unsafe, but it has become something you need to stay actively aware of.

Frequently Asked Questions: Booking.com Data Breach

What happened in the Booking.com data breach?

Booking.com confirmed that unauthorized third parties accessed customer data tied to travel reservations. Exposed information could include names, email addresses, phone numbers, addresses, and booking details. The company has contained the issue and notified affected customers.

Was my payment information stolen in the Booking.com breach?

Booking.com confirmed that financial information was not accessed in the breach. Credit card numbers and payment data do not appear to have been compromised.

How do I know if my Booking.com data was affected?

Booking.com says it has notified customers whose information was accessed. Check your email for a message from the company. If you haven't received one, your account may not have been affected.

What should I do if I got a suspicious message about my Booking.com reservation?

Do not click any links or provide payment details. Go directly to the Booking.com app or website to check your reservation status. The company says it will never ask for card details or unusual transfers via email, phone, WhatsApp, or SMS.

Has Booking.com been hacked before?

Yes. In 2018, hackers used phishing tactics to access the booking data of more than 4,000 customers via hotel employee login details. Booking.com was fined €475,000 for reporting that breach late to the Dutch privacy regulator.

How many customers were affected by the Booking.com breach?

Booking.com has not disclosed the number of affected customers. The company said it has contained the issue and informed impacted guests.

Is it safe to use Booking.com after the breach?

The breach did not expose payment information, and the company says the issue has been contained. Travelers can continue using the platform but should treat any unsolicited messages about reservations with caution and verify through official channels directly.

What is Booking.com doing about the breach?

Booking.com reset reservation PINs for affected bookings, contained the suspicious activity, and notified impacted customers. The company has not disclosed full technical details of how the breach occurred.