You will get this email if you booked a hotel through Booking.com and the site may have been hacked.
You probably used Booking.com to book a hotel for your summer vacation. It's one of the most popular platforms, which means it's a target for hackers seeking to attack businesses and customers. In this article, we highlight a recent data breach affecting this platform, which may have exposed sensitive user information.
Booking.com took immediate action, forcing customers to reset their PINs for current and past bookings and notifying them accordingly. We at the Houhou Informatics blog were able to access these emails informing customers of the issue. We will explain what type of data may have been accessed and how to handle it.
Booking.com suffered a security breach, allowing unauthorized third parties to access customer booking data. The company stated that it discovered the incident and acted as quickly as possible, which is why it immediately sent emails to affected users.
It should be noted that the company has not yet clarified the exact nature of the incident, the number of affected users, or how long the data was exposed. However, it has sent emails to customers presumed to be victims of the breach, indicating that it has changed the PIN code for the affected reservation.
Here is a screenshot of one of these emails sent by Booking.com, which we at the Houhou for Information blog were able to access:
According to the same email, the leak may have affected the following data:
Booking details.
- Customer name (or customer names, if there is more than one name in the booking).
- Email address.
- The actual address.
- phone number.
- Other data involved in the booking.
It should be noted that no banking information, payment methods, or booking account passwords were leaked. However, attackers could potentially obtain all of this information through phishing attacks after acquiring certain data beforehand.
How to act
Although no cases have been reported yet, if you are a victim of this security breach, you may receive an email or text message impersonating Booking.com. The sender may tell you there is a problem with your booking, that they need to verify your bank details, or that you need to send something to avoid cancellation, etc.
This is all a scam. Once they obtain your personal data and booking information, they aim to intimidate you into handing over sensitive information or entering your password via a phishing link. Therefore, it is crucial to use common sense and avoid making mistakes.
Always remember that Booking.com will never ask you for your bank card details, whether via email, WhatsApp, or SMS, nor will it ask you to make a bank transfer outside of its platform. Furthermore, the platform itself advises caution regarding messages received directly from hotels, as there have been instances of hotel account hacks.
Make sure you enable two-step verification on your accounts. This helps reduce the risk of phishing attacks, as it provides an extra layer of security beyond just your password.