Booking.com confirmed Monday that hackers may have accessed customers’ personal data, including names, emails, physical addresses, phone numbers, and booking details. The global travel and hotel reservation giant notified customers this past week of the breach, according to several online posts.
“We’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation,” read the notificaiton to customers, according to one user’s post on Reddit. Several other Reddit users replying to the post said they received the same notification. The message from the company included the aforementioned types of compromised data, as well as “anything that you may have shared with the accommodation.”
The user who posted the notification on Reddit told TechCrunch that they received a phishing message via WhatsApp two weeks ago that included “booking details and personal information.” That suggests hackers are leveraging the stolen information to target Booking.com customers.
Booking.com spokesperson Courtney Camp told TechCrunch that the company “noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.”
The spokesperson declined to answer TechCrunch’s specific questions, including how many customers were affected by this incident and then notified.
The company told The Guardian that “financial information was not accessed”.
In 2024, TechCrunch reported that hackers had infected several hotels’ computers with consumer-grade spyware, or stalkerware. In one case, a victim was logged into their Booking.com administration portal when the PcTattleTale stalkerware took a screenshot of their screen.
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
According to the company’s website, 6.8 billion customers have booked hotel rooms and homes since 2010.
