Booking.com phishers could be invading your inbox.
The travel and hotel reservation platform notified customers this past week that their personal information, such as names, email addresses, phone numbers and booking details, may have been compromised in the breach, according to posts on social media.
“We’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation,” the notification read, according to a screenshot posted on Reddit.
The message noted that “anything that you may have shared with the accommodation” could have been part of the information stolen.
A spokesperson for the company told The Guardian that “financial information was not accessed.”
Courtney Camp, a Booking.com spokesperson, told TechCrunch that the company “noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information.”
“Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests,” she said.
Attackers are using the hotel and messaging systems tied to reservations to send convincing requests and messages to consumers. They often mimic real hotel communication on the booking platform, which can come off convincing.
The Reddit user who initially posted the notification to the subreddit r/Bookingcom told TechCrunch that they had received a phishing message through WhatsApp two weeks ago that included their booking details and personal information.
In some cases, travelers have reported being asked to “reconfirm payment” or “verify identity” shortly before their arrival.
Customers should look out for messages that look legitimate but feel off, urgent payment requests, last-minute confirmation emails or texts that appear to be tied directly to their reservation.
If you have a trip coming up, confirm your reservation details directly through Booking.com — not through email or text links. If anything feels off, call the hotel directly through their verified number on their website or on Google Maps.
Booking.com advises customers to report suspicious messages directly through its platform.
