Hackers Accessed Booking.com Customer Personal Data, Company Confirms
On Monday, Booking.com officially confirmed that unauthorized threat actors may have gained access to customers' personal information, including full names, email addresses, phone numbers, and individual reservation details. Multiple public online posts confirm the global travel and accommodation booking giant began notifying impacted customers of the data breach earlier this past week.
One Reddit user shared a copy of the breach alert they received, which reads: “We’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation.” Multiple other Reddit users replied to the original post to confirm they received the identical notification from Booking.com. The alert lists the compromised data as the personal and reservation details above, plus any extra information customers shared directly with their booked accommodation.
The Reddit user who posted the notification told TechCrunch they received a phishing message via WhatsApp two weeks before Booking.com's official alert, and the scam already included their accurate personal details and booking information. This indicates hackers are already actively leveraging stolen data to target Booking.com customers for follow-up fraud.
Booking.com spokesperson Courtney Camp shared an official statement with TechCrunch: “We noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.”
Camp declined to answer TechCrunch's specific follow-up questions, including requests to confirm how many customers were impacted and notified of the incident. The company did confirm to The Guardian that no customer financial information was accessed by the unauthorized actors.
This is not the first high-profile security issue linked to Booking.com's ecosystem in recent years. In 2024, TechCrunch reported that hackers installed consumer-grade spyware (commonly called stalkerware) on multiple hotels' internal devices. In one documented case, a hotel employee was logged into their official Booking.com administrative portal when the pcTattletale stalkerware captured a screenshot of their active session.
Per public data on Booking.com's official website, the platform has processed 6.8 billion bookings for hotel rooms and private accommodation globally since 2010.
This article has been updated to add a comment from Booking.com's spokesperson confirming customers' physical addresses were not compromised in the breach.