Overview
- Booking.com said unauthorized third parties accessed booking records for a subset of customers, including names, email addresses, phone numbers and reservation details.
- The company said payment data and physical postal addresses were not accessed, based on what its investigators have found so far.
- Booking.com issued new reservation PINs for affected bookings, which are the codes customers use to view or change a reservation, and alerted users by email.
- Users have reported payment demands in the platform chat, international calls and WhatsApp links, and the company reiterated it will never ask for card details by email, phone, SMS or WhatsApp and will not request off‑platform transfers.
- The scope and entry method remain undisclosed as the probe continues, and past cases show many scams start from hacked hotel or partner accounts, so experts urge password changes, two‑factor authentication and paying only through official Booking.com channels.