Booking.com Confirms Breach Exposing Reservation and User Data, Forces PIN Resets

Booking.com has confirmed unauthorized access to its systems that exposed sensitive reservation and user data. The platform has forced reservation PIN resets as an immediate containment measure. The total number of affected users has not been disclosed; Booking.com says the issue has been contained.

Exposed reservation data may include travel itineraries, contact information, and partial payment details. This creates a high-quality social engineering surface — attackers with knowledge of upcoming travel plans can craft highly convincing phishing lures. Booking.com users should update account passwords, enable two-factor authentication if not already active, and treat any unexpected communications referencing their reservations with heightened suspicion.