Overview
- Booking.com said unauthorized parties accessed some reservation records tied to past stays, including names, emails, phone numbers, and booking details.
- The company reset PIN codes on affected reservations and notified customers as a containment step.
- A spokesperson said payment card data and other financial information were not accessed.
- Users report WhatsApp and phishing messages that cite real stay dates and hotel names to pressure them for extra payments or card details.
- Booking.com has not disclosed how many people were affected or who carried out the attack, and a documented scam in December suggests misuse may have started earlier.