Booking.com confirms reservation data breach — tells customers hackers 'may have been able to access certain booking information'

Platform users reached out to TechRadar Pro to say they were receiving warning emails from the platform, with one saying, “I got sent this e-mail 12 hours ago from booking.com (twice - for 2 different bookings)."

In its email, the company said that it recently noticed suspicious activity “affecting a number of reservations”, which prompted an investigation. “Based on the findings, accessed information could include booking details, names, emails, addresses, phone numbers, and anything that you may have shared with the property.”

“To keep your booking secure, we've updated the PIN number of your reservation,” it concluded, and warned users about possible phishing attacks in the near future.

Targeting Booking.com

Attacks seem to have started happening already, though, as a user told TechCrunch they received a message via WhatsApp which included “booking details and personal information.”

The user later told TechRadar Pro they received three emails from the platform, all for bookings made in the past week, speculating that the information concerned recent bookings rather than whole accounts.

They confirmed to be a “standard customer”, booking accommodation through the web interface.

According to some sources, Booking is the most-visited travel website in the world, with more than 560 million visits per month, globally. The platform offers accommodation listings in more than 220 countries and territories, and provides access to millions of properties, including hotels, homes, apartments, and other lodging types.

Its popularity also makes it a major target for cybercriminals, who often manage to find their way inside. In mid-January 2026, for example, news broke of “hundreds of Dutch travelers” being defrauded as hackers managed to hijack their accounts.