If you use Booking.com to reserve hotels, this is of great interest to you. The most popular travel platform in the world confirmed that it suffered a cyber attack in which “unauthorized third parties” managed to access non-public information about their clients. The incident was detected recently and has already raised alarms around the world, from Europe to Latin America.
The Amsterdam-based company acknowledged the attack this week after multiple users reported receiving suspicious emails.
The worrying thing is not just that it happened, but that Booking.com has been dealing with it for years. similar security issuesand it seems that it still cannot completely protect the information of its millions of users.
What user data was exposed
Here comes the part that hurts the most. Cybercriminals accessed a significant amount of non-public information linked directly to user reservations. As confirmed by the company itself, the compromised data includes:
- Full names of users
- Email addresses
- Telephone numbers
- Physical addresses
- Reservation details (dates, name of the lodge, type of room)
- private messages exchanged with accommodations through the platform
The good news, if you can call it that, is that Booking.com ensures that financial data such as credit card numbers were not compromised directly from your systems. That said, the combination of data that was exposed is more than enough to cause serious damage.
Why this hack is more dangerous than it seems
This is where you have to pay attention. Have your name, your email, your telephone number and the exact details of your next reservation in the hands of hackers is the perfect ingredient to execute ultra-personalized phishing attacksknown as spear phishing.
What does that mean in practice? Imagine receiving an email that appears to come from Booking.com, which has your exact name, the name of the lodge where you are staying, the exact dates of your stay, and your phone number. Everything seems legit. Then they ask you to “confirm your payment information” so as not to lose the reservation. That’s the deception. These types of targeted attacks have significantly higher success rates than generic phishingand represent more than 65% of successful corporate breaches on digital platforms.
In fact, there are already reports of users who received WhatsApp messages with detailed information about their reservations, clearly used to try to scam them. That indicates that hackers are already actively exploiting stolen data.
What Booking.com did after discovering the attack
When the company detected the “suspicious activity,” it acted immediately on several fronts. First, reset the PIN codes of all affected reservationsboth active and past. Second, it began directly notifying the involved users via email. Third, notified data protection authorities corresponding, as required by European regulation.
However, there is something that is quite annoying: Booking.com has not given specific figures on how many users were affected.nor how long the attackers had access to the systems, nor exactly how they managed to enter. This lack of transparency is a serious problem. Considering that the platform has had more than 6.8 billion customers since 2010the potential scope of the attack is enormous, although there is no official data yet.
If you received an email from Booking.com in the past few weeks, review it carefully. Do not click on any suspicious links, do not share bank details Even if the message seems official, and if you have an active reservation, go directly to the app or website to verify that everything is in order. Cybercriminals already have your data; Now it’s up to you not to fall into the trap.
Keep reading:
• Rockstar Games confirms hacking to external supplier: Will GTA VI be affected?
• What to do if your phone is hacked
• Crunchyroll Hack: 100 GB of sensitive user data exposed, including credit card information
