Booking.com hit by cyberattack

Incident

First reported

13.04.2026 20:30

Last updated

13.04.2026 20:30

Happening score

H score 8

1 unique sources, 1 articles

Summary

Hide ▲

Booking.com confirmed a security breach that let unauthorized third parties access some guests’ booking information, creating exposure risk for personal contact details and reservation communications. The company said it contained the issue, reset PINs for existing and past reservations, and notified impacted guests directly. The exposed data may include full names, email addresses, postal addresses, phone numbers, and communications shared with property providers. The disclosure matters because reservation records can be reused for convincing phishing, fraud, or social-engineering attempts.

Timeline

13.04.2026 20:30 2 articles · 1mo ago

Booking.com confirms reservation data access

Initial Disclosure
Booking.com confirmed that unauthorized third parties accessed some guests' booking information, forced PIN resets for existing and past reservations, and emailed impacted users directly. The exposed records may include full names, email addresses, postal addresses, phone numbers, and communications shared with property providers, creating risk for phishing and impersonation against travelers.
Show sources

New Booking.com data breach forces reservation PIN resets — www.bleepingcomputer.com — 13.04.2026 20:30

New Booking.com data breach forces reservation PIN resets — www.bleepingcomputer.com — 13.04.2026 20:30
Open in new tab

Summary

Timeline

Booking.com confirms reservation data access