Booking.com Data Leak

-


 


Booking.com is dealing with a confirmed reservation‑data breach, and the picture is now fairly clear across multiple international reports. Here’s the distilled, security‑grade breakdown you’d expect.

What Happened

Hackers or other unauthorized third parties accessed customer reservation data, prompting Booking.com to email affected users beginning April 13, 2026. The company says the incident is now “under control”, but it has not disclosed the scale of impact.
123

Data Exposed

Across all confirmed reports, the compromised data includes:

  • Booking details (dates, property, reservation metadata)

  • Names

  • Email addresses

  • Home/physical addresses

  • Phone numbers

  • Any notes or information shared with the accommodation

Not exposed:

  • Credit card or financial data (confirmed by Booking.com)

  • Passwords

How Attackers Are Using the Data

Several victims reported receiving highly convincing phishing messages, including WhatsApp messages containing real booking details — a strong indicator that attackers are actively weaponizing the stolen data.
4

This aligns with the long‑running trend of Booking.com‑related phishing campaigns targeting both guests and hotels.

Booking.com’s Response

  • Reset PIN numbers on affected reservations

  • Contacted impacted customers directly

  • States the issue is contained

  • Has not disclosed the number of affected users or technical root cause
    3

Risk Level for Customers

The biggest threat here is targeted social‑engineering attacks, not financial theft from Booking.com’s systems.

Attackers can now craft messages that look extremely legitimate because they contain real reservation details. Expect:

  • Fake “payment confirmation” requests

  • Fake “property needs additional info” messages

  • WhatsApp, SMS, or email phishing

  • Impersonation of hotels or Booking.com support

Cyber‑resilience experts warn that affected customers should expect increased scam attempts in the coming weeks.

 What Customers Should Do Now

  • Do not share credit card details via email, phone, SMS, or WhatsApp

  • Do not make bank transfers outside the official Booking.com payment flow

  • Treat any unexpected contact about your reservation as suspicious

  • Log in directly to Booking.com to verify any claim

  • Consider enabling antivirus/endpoint protection to reduce phishing exposure


Popular posts from this blog

WSUS CVE-2025-59287 Mitigation

-
Image
CVE-2025-59287 is a critical Remote Code Execution (RCE) vulnerability affecting Windows Server Update Services (WSUS) . Here's a detailed breakdown of what it is, how it works, and what you should do about it: Overview Disclosed: October 2025 Patch Tuesday CVSS Score: 9.8 (Critical) Affected Systems: Windows Server 2012 through 2025 (including Server Core installations) Exploitability: Microsoft rates it as “Exploitation More Likely” Technical Details The vulnerability arises from unsafe deserialization of untrusted data in WSUS. Specifically, the GetCookie() endpoint in WSUS processes encrypted AuthorizationCookie objects without proper type validation. The deserialization occurs via .NET BinaryFormatter , which is known to be insecure when handling untrusted input. Attackers can send a crafted SOAP request to WSUS over port 8530 , containing a malicious AuthorizationCookie . The cookie is decrypted using a hardcoded AES key and then deserialized, allow...
Read more

Cloud Infrastructures are Having a Bad Week

-
Image
  Today’s disruptions across Microsoft Azure and Amazon Web Services (AWS) were significant, but they’re not signs of cloud computing’s demise. Instead, they underscore the risks of centralization and the importance of designing systems that can withstand provider-level failures. What happened today? • Microsoft Azure outage: Azure’s Front Door service suffered a major disruption due to a misconfiguration, impacting services like Outlook, Xbox, Microsoft 365, and even third-party platforms like Starbucks and Alaska Airlines. The Azure website states a little more than disruption. "Azure Front Door - Connectivity issues - Observing recovery Starting at approximately 16:00 UTC on 29 October 2025, customers and Microsoft services leveraging Azure Front Door (AFD) may have experienced latencies, timeouts, and errors. We have confirmed that an inadvertent configuration change was the trigger event for this issue. Affected Azure services may have included, but were not limited to: App S...
Read more

CVE-2025-58034 Fortinet Warnings and Mitigation

-
Image
Type: OS Command Injection vulnerability (CWE-78) Affected Product: Fortinet FortiWeb (Web Application Firewall) Affected Versions: 8.0.0 – 8.0.1 7.6.0 – 7.6.5 7.4.0 – 7.4.10 7.2.0 – 7.2.11 7.0.0 – 7.0.11 [nvd.nist.gov] , [cvedetails.com] Description The vulnerability is caused by improper neutralization of special elements used in OS commands . An authenticated attacker can exploit this flaw by sending crafted HTTP requests or CLI commands , allowing them to execute arbitrary code on the underlying system. This can compromise the integrity, confidentiality, and availability of the device. [nvd.nist.gov] , [cvedetails.com] Severity CVSS v3.1 Base Score: 7.2 (High) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Impact: High on Confidentiality, Integrity, and Availability [cvedetails.com] Exploitation Status Actively Exploited: Yes. Fortinet confirmed expl...
Read more