Booking.com has recently alerted customers about a data breach that may have resulted in unauthorized access to their reservation details. In an email sent over the weekend, the online travel agency warned that "unauthorized third parties may have been able to access certain booking information associated with your reservation." However, specific details regarding which systems were compromised or the full extent of the breach were not disclosed.
The company mentioned that they "recently noticed suspicious activity affecting a number of reservations," leading to an investigation that revealed potential access to personal information such as names, email addresses, physical addresses, and phone numbers tied to the bookings. Additionally, the breach may have exposed specific information that customers shared with their accommodations through the Booking.com platform.
Fortunately, the company reassured customers that their financial information remains secure and was not accessed during the breach, as reported by various sources. Booking.com stated that the "issue" has been contained and that affected users are being notified. In a precautionary measure, the agency has updated the PIN numbers associated with affected reservations to enhance security.
Increased Risk of Phishing Scams
Customers of Booking.com have taken to social media platforms, including Reddit, to share their experiences of receiving multiple alert emails regarding both current and past reservations. Some users reported receiving scam attempts via WhatsApp, where scammers leveraged personal details, booking references, reservation dates, and hotel names. The link between these scam attempts and the data breach has not been established.
Keven Knight, the CEO of a UK-based managed security services provider, commented on the situation, emphasizing the potential scale of the attack, given that Booking.com is a leading travel agency worldwide. "Currently, it looks like attackers accessed personal details and previous bookings, but no financial information was compromised. This is somewhat comforting, but victims should be aware that… stealing financial information isn’t the only way attackers can monetize a breach. Victims are still at risk of phishing, and these communications could be highly tailored, given that attackers are aware of previous holiday bookings," Knight explained.
In a related note, a cybersecurity firm based in Dubai, Hackmanac, reported that a hacking group known as Vect has claimed responsibility for breaches at both Booking.com and Airbnb, although these claims have yet to be verified.
As a precaution, customers are advised to remain vigilant for any suspicious communications and to take necessary steps to secure their accounts. Booking.com has recommended that users change their passwords and be cautious of any unsolicited messages that may use their personal information.
In light of the breach, Booking.com is encouraging customers to subscribe to their breaking news email alerts to stay updated on any future breaches, vulnerabilities, and cybersecurity threats.
Source: Help Net Security News