Booking.com has confirmed that hackers accessed customer data, raising concerns among experts about a potential surge in scams targeting users.
Some customers have already reported receiving suspicious messages, prompting the company to update reservation PINs and issue warning emails about heightened fraud risks. However, Booking.com has not disclosed how many users were affected or which regions were impacted.
The breach involved access to personal data such as names, email addresses, phone numbers and details of past and current bookings. The company said no financial information was compromised.
Cybersecurity experts warn that even without payment data, the stolen information is highly valuable to fraudsters. Norton has described the emerging threat as “reservation hijack” scams, where criminals impersonate hotels and contact customers about fake issues with their bookings to trick them into sending money.
Luis Corrons, security evangelist at Norton, said the stolen data makes these scams more convincing. By referencing real hotels, travel dates and customer details, fraudsters can make their messages appear like legitimate customer service communications.
With billions of bookings processed by the platform over the years, experts warn that users should remain cautious, verify any payment requests directly with hotels, and avoid sharing sensitive information in response to unsolicited messages.
