Booking.com hacked: Here’s what customers need to know

Booking.com, one of the world’s largest online hotel and travel booking platforms, has confirmed a security incident involving unauthorised access to some customers’ booking information. The company said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information” and acted promptly to contain the issue. It has updated PIN numbers for affected reservations and informed impacted guests. While email addresses, telephone numbers and booking details may have been accessed, Booking.com clarified that no financial information or physical addresses were accessed.

Real stories from affected users

The breach has already led to real-world consequences for some customers. As quoted by TOI, one user on Reddit shared that shortly after receiving the breach notification, he was contacted via WhatsApp Business by scammers who had full details of his booking: name, credit card information, phone number, email, booking ID, dates, and even the hotel name. They tried to lure him to a fake Booking.com site to complete a 3D Secure verification.

Another customer reported receiving an in-app message from what appeared to be his booked hotel, confirming the reservation and warning against responding to messages outside the official app. He recognised it as a scam and did not engage.


Several users have warned others to closely monitor their bank statements and credit cards, especially if payment details were saved with Booking.com. Many have advised extreme caution with any unsolicited messages or calls claiming to be from Booking.com or the hotel.

Booking.com's response

Booking.com has stated that the issue is now under control. The company has reiterated its commitment to user security and said it is cooperating with relevant authorities.

What users should do now

• Closely monitor bank and credit card statements for any suspicious activity.
• Never click links or share verification codes received outside the official Booking.com app or website.
• If you receive suspicious messages, report them immediately to Booking.com support and your bank.
• Consider placing a fraud alert with your bank if you suspect your data has been misused.

(With TOI inputs)