Booking.com confirmed a data breach after unauthorized third parties accessed customer reservation information. The company emailed affected customers on Sunday, saying it detected suspicious activity across a number of reservations and took immediate action to contain the issue.
The breach exposed booking details, names, email addresses, physical addresses, and phone numbers. Hackers may also have accessed any additional information customers shared directly with their accommodation. Booking.com has not disclosed how many customers the breach affected. The company also has not confirmed whether hackers accessed credit card or payment details, leaving affected users without a clear picture of their financial exposure.
Booking.com said it now has the problem under control and has informed all affected guests. The company reset reservation PIN numbers as a precautionary measure. It warned customers not to share credit card information via email, phone, or text, and urged users to stay alert to phishing attempts that impersonate trusted organizations to steal personal or financial details.
The breach fits a broader pattern of security incidents on the platform. Earlier in 2026, criminals hijacked hotel accounts on Booking.com and used them to send fake payment requests, defrauding hundreds of Dutch travelers. That fraud more than doubled in scale between 2024 and 2025, with the United Kingdom, France, and Singapore reporting thousands of victims each. Researchers noted that criminals route these attacks through the platform’s own messaging infrastructure, making fraudulent messages extremely difficult to distinguish from legitimate ones.
This latest breach differs from those hotel account hijacks. However, the combination of exposed reservation data and a documented history of follow-on phishing campaigns raises the risk to affected customers well above a typical data exposure. Users with active or upcoming bookings should treat any unexpected payment requests or account messages with caution and verify directly with their accommodation before taking any action.
Booking.com operates more than 28 million accommodation listings globally and connects travelers with hotels, apartments, flights, and car rentals across hundreds of countries. The company stated that protecting personal data remains a top priority.
