Booking.com hack: customers’ names, addresses and telephone numbers accessed

I'm glad I use 2FA and an authenticator app. I also don't keep my payment information on there. I just don't think it's very secure most of the time.

The only thing I ever use Booking.com for is research.

This is not unusual. There have been so many reports of problems with their website. The Booking.com cheerleaders will tell you that it’s the hotels with bad security but for someone who works in cybersecurity , there’s too many coincidences, for it not to be a case of whether there is smoke there’s fire

I received the emails from Booking for a couple of my reservations; I currently have many. Mainly it’s just warning to not open links or give credit card information through any outside, I.e. WhatsApp correspondence.

Since I pay for my lodging when I reserve it, I know any odd email sent to update payment info, etc. is a scam. I’ve only received one of those once which also had the fake urgency that it must be done immediately.

Yes, I have had 2 emails regarding this. What I think is strange is that clearly booking has been hacked going back several years and are just now acknowledging it. Makes me wonder if 1) it is worse; or 2) they are just finally kind of addressing the problem.

I have two hotel reservations with booking.com for May.

Did not receive an email. Went to my page and there are no notifications.

I have used booking.com for many years without any problems.

This trip is I believe the only time in my years of travel that I actually booked in booking.com. The place had no other way to be found. Was there last week, and no issues, other than finding out how to communicate with owner, turned out WhatsApp messaging was in order.

I have 3 reservations with booking and didn’t receive an email. I’m thankful for this post because I have just removed the payment method saved to my account. It will be safer to have to provide the card number each time book something.

TexasTravelMom, I agree that it's been an ongoing issue over the past couple of years, and I know they've been aware of it for a while. If you take a look on this forum, there are several posts that show it dates back several years, but some address Booking.com's responses. Here's a few I found with a quick search, and I'm sure there's probably more. It seems to pop up every six or so months. You'll find a lot more posts about it on the subreddit r/Bookingcom.

https://community.ricksteves.com/travel-forum/tourist-scams/warning-booking-com-passwords-compromised-and-now-for-sale-over-the-internet
https://community.ricksteves.com/travel-forum/general-europe/fraudulent-booking-com-email
https://community.ricksteves.com/travel-forum/tourist-scams/almost-fell-for-a-scam-on-booking-site-be-smarter-than-me

ETA: I would suggest that anyone who uses Booking.com take advantage of their extra security measures, which they do have to their credit. They offer two-factor authentication (2FA), use of a passkey (PIN or biometrics), and using an authenticator app. I use both 2FA and an authenticator app (Google's) and haven't had any problem with anything so far (knock on wood).

Here is a link to their security settings, so take a look in there and check to see if you are using any or all of them. If you're not, you should be. https://account.booking.com/mysettings/security

I just received a message from them advising a change in PIN number for a booking I have for a hotel .
I will definitely look at my security settings with them.
I have used them for years with great results .

This mentions the current hack but also adds:

[snip]
In 2018, criminals used phishing tactics to steal login details from hotel employees in the United Arab Emirates, and were then able to gain access to the booking data of more than 4,000 people on the platform.
Booking.com reported the breach to the Dutch privacy regulator 22 days late, resulting in a fine of €475,000.

https://www.theguardian.com/technology/2026/apr/13/booking-com-customers-hack-exposed-data

Current hack:
https://www.securityweek.com/booking-com-says-hackers-accessed-user-information/

I'm not sure that a data breach report from 8 years ago cited above is necessarily reflective of the current situation. The OP has provided a good reminder that if you use online tools you should implement as many security features as you can (Mardee noted several specific to the topic). I also use Booking for research and reserving properties and have not had issues, but it pays to be vigilant nonetheless.

FWIW, I've had recent data breach reports from both my cable/internet and cell phone providers. An unfortunate reality of the digital age.

Well, I got an email from booking.com today about a security breach, etc.

Booking told me that they had changed the pin number on my booking(s) for my protection but they did not tell me what reservation.

I have two active ones.

It turned out that they changed the pin number on the booking that I had cancelled. I had cancelled a reservation and then rebooked.

I had to call booking earlier today for another matter and it was very hard to get though but I did and was happy with customer service. However I would not like to have to call them again unless necessary.

I received the security email today. It included that they were changing the pins on 2 reservations. I have no upcoming reservations. It was for 2 reservations in March 2026 that we have completed. We had many reservations in March, but they only changed pins for 2 of the reservations. Although with the reservation complete not sure why they would change the pin.

"I'm not sure that a data breach report from 8 years ago cited above is necessarily reflective of the current situation"

The "reflective" part is how they handled it.

"Booking.com reported the breach to the Dutch privacy regulator 22 days late, resulting in a fine of €475,000."

Your 'reflective part' is of no importance.
At that time booking.com was a Dutch company. Today it's a US company ... and, let’s face it, Europe is more serious in dealing security breaches.