Booking.com Customers Warned of 'Reservation Hijacking' After Data Breach

Customers of Booking.com are being urged to exercise extreme caution following a significant data breach. The incident has enabled criminals to access customer names, email addresses, phone numbers, and details of current and past bookings. Although financial information remains secure, the compromised personal data is proving invaluable for sophisticated 'reservation hijacking' scams.

Understanding the Threat

These scams involve fraudsters contacting Booking.com customers, posing as legitimate hotels, to demand payments for fictitious reservation issues. Previously, such scams often relied on breaching hotel systems. However, this latest data compromise allows criminals to directly approach customers with highly convincing details, making the deception far more potent.

Company Response and Customer Advice

Booking.com has confirmed the suspicious activity, stating they have taken action to contain the issue and updated PINS for reservations. Emails are being dispatched to affected customers, alerting them to the heightened risk. The company has reiterated that it will never request credit card details via email, phone, WhatsApp, or text, nor will it ask for bank transfers that deviate from the payment policy outlined in booking confirmations.

Cyber-security experts, such as Norton, have highlighted that the precision afforded by the stolen data—including real property names, travel dates, and contact details—makes these scams appear as routine customer service interactions. The scale of the breach underscores a growing threat within the hospitality sector, with experts noting the swift transition from data exfiltration to active phishing campaigns signals a deliberate and organised effort by criminals.