One of the world’s largest travel platforms has confirmed a data breach. Booking.com says unauthorized third parties accessed personal information belonging to millions of users, exposing names, email addresses, phone numbers, and booking details.

The Dutch company notified affected users directly, clarifying that financial information such as credit card numbers was not compromised. However, personal data tied to bookings could have been exposed, including messages exchanged with accommodations.

Watch for Phishing Attempts

Booking.com has issued a specific warning about fraud attempts. Attackers could use the stolen data to impersonate the company or hotels, contacting users via email, phone, SMS, or WhatsApp to request additional payment information.

The company advises never sharing financial details through these channels. Any suspicious communication should be verified directly with official customer support.

A Pattern of Security Issues

This is far from Booking.com’s first security incident. Back in 2018, cybercriminals used phishing techniques to steal credentials from hotel employees in the United Arab Emirates, gaining access to data from over 4,000 platform users.

Booking.com has not disclosed the exact number of people affected by this recent incident. The investigation is ongoing, and the company says it is cooperating with relevant authorities.

If You’re Affected

Users who receive suspicious communications should report them immediately to Booking.com support. It’s wise to change your account passwords and enable two-factor authentication where available.

For anyone who has booked through the platform, staying alert to social engineering attempts is your best defense against misuse of the exposed information.