Booking.com says unauthorized parties accessed some reservation-linked guest data, prompting PIN resets, guest notifications, and cooperation with authorities to investigate credential theft affecting the platform.
The Incident
Attackers compromised Booking.com systems and accessed reservation details including names, contact information, and booking references. The company moved quickly to reset reservation PINs as a precautionary measure.
The Response
Booking.com notified affected guests, reset security credentials, and worked with law enforcement to investigate the breach. The company emphasized that no payment card data was accessed in the incident.
Key Lessons
- Quick credential resets can limit ongoing exposure
- Guest communication is critical for trust preservation
- Reservation systems are high-value targets for attackers
- Even partial data exposure can enable follow-on attacks