A week after Booking.com disclosed a potential data breach, concerns continue to grow about the safety of customer information. The company acknowledged that hackers may have gained unauthorized access to certain user details.
According to its official statement, information such as names, email addresses, physical addresses, phone numbers, and in some cases limited financial data shared during bookings could have been exposed. This revelation has raised alarms among users, many of whom now fear they could become targets of fraud or identity theft.
Over the past weekend, several customers in the United Kingdom reported suspicious activity linked to the breach. Users shared experiences on Telegram, claiming they had received emails and messages urging them to “reconfirm” personal details or reset account passwords via embedded links. These messages are widely believed to be phishing attempts designed to exploit the situation. By mimicking legitimate communication, cybercriminals aim to trick users into revealing sensitive credentials.
In response, the Netherlands-based company emphasized that it has strengthened its security infrastructure. Booking.com stated that it has implemented additional safeguards to protect its systems and prevent similar incidents in the future. The company also reassured customers that it is actively monitoring the situation and working to minimize risks associated with the breach.
Meanwhile, cybersecurity experts warn that the fallout may extend beyond initial data exposure. Norton has predicted a potential increase in a type of scam known as “reservation hijacking.” In such schemes, attackers may contact affected users pretending to offer assistance with bookings, often promising discounted rates or smoother reservation processes. Victims could then be persuaded to transfer money or share further personal details under false pretenses.
Security researchers have issued clear guidance to help users stay protected. Customers are strongly advised not to share banking information, passwords, or other sensitive data through messaging platforms such as WhatsApp, Telegram, or Signal, or via unsolicited emails. Legitimate service providers, including Booking.com, do not request confidential information through these channels.
The incident serves as a reminder of how quickly cybercriminals can exploit security lapses. While the company maintains that it is taking corrective measures, users are encouraged to remain vigilant. Monitoring financial statements, avoiding suspicious links, and updating passwords regularly are some of the basic steps that can help reduce the risk of falling victim to scams stemming from such breaches.
Join our LinkedIn group Information Security Community!
