Booking.com breach requires PIN reset for reservations

Summary
– Hackers accessed some Booking.com users’ data from their reservation information, as confirmed by the company.
– The compromised data includes full names, email and postal addresses, phone numbers, and communications with property providers.
– The company forced PIN resets for affected reservations and directly notified impacted users via email.
– The incident has led to confusion as users received emails but no in-app alerts, raising questions about message legitimacy.
– Some users report being targeted by scammers with private reservation details, though a direct link to this breach is unconfirmed.

In a recent cybersecurity incident, the global travel platform Booking.com has confirmed that unauthorized parties gained access to certain user data linked to reservations. The company has taken immediate containment measures, including forcing PIN resets for both current and past bookings, and directly notifying affected customers via email. This breach highlights the persistent threats facing major online services that handle vast amounts of sensitive personal information.
Over the weekend, numerous users began receiving official communications from the company’s no-reply email address. These notifications warned that personal details associated with their travel bookings may have been exposed. The types of compromised data potentially include full names, email and postal addresses, phone numbers, and communications shared with property providers. Each email contained an updated PIN for a specific reservation and urged heightened vigilance against phishing attempts and suspicious calls, reiterating that the company will never request sensitive financial information or direct bank transfers.
The official notification stated the company’s dedication to guest security and data protection, while informing recipients that third parties may have accessed certain booking information. It further advised caution with any emails appearing to originate from booked properties or from Booking.com itself, recommending users avoid clicking on links within such messages. Notably, these warnings were not mirrored by alerts within the Booking.com mobile application, leading to some initial confusion among users about the legitimacy of the emails.
When contacted for comment, Booking.com’s communications lead, Sage Hunter, provided a statement confirming the security incident. “We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue,” Hunter stated. The company has updated PINs for the impacted reservations and directly informed the affected guests. While Booking.com did not disclose the scale of the breach or the exact number of users impacted, it gave assurances that all affected individuals would be notified individually and emphasized that multilingual customer support remains available around the clock.
Separately, some users on online forums reported being targeted by scammers who seemed to possess private reservation details. It is currently unclear whether these attempted frauds are directly connected to this newly disclosed security breach. As one of the world’s largest online travel agencies, Booking.com facilitates hundreds of millions of bookings annually across millions of properties, making the protection of user data a critical priority. The incident serves as a stark reminder for all travelers to monitor their accounts and communications carefully following any data exposure notice.
(Source: BleepingComputer)




