Overview
- Booking.com says unauthorized parties accessed names, contact details, and reservation specifics, and it reset reservation PINs and warned affected guests.
- Travelers report phishing through platform messages, email, and WhatsApp that cite real booking dates and properties and demand payment confirmation or card details.
- Microsoft links the activity to hotel-partner compromises using ClickFix-style phishing that installs remote-access malware such as XWorm and VenomRAT and attributes it to group Storm-1865.
- The company says its systems did not expose customer payment data, yet it has not disclosed how many people were affected or where they are located.
- Security history points to wider risk in travel supply chains, with UK Action Fraud logging hundreds of similar scams and a prior Dutch regulator fine after a 2018 Booking.com-related breach.