The “frictionless” travel promised by Booking.com just hit a major snag. The global travel giant has begun notifying customers, including those in South Africa, that their personal information may have been exposed following a security breach by unauthorised third parties.
The Amsterdam-based company, which has grown from a 1996 Dutch start-up into a behemoth with over 28 million listings, confirmed that “suspicious activity” recently flagged a number of reservations.
While the company acted quickly to contain the leak, the nature of the data accessed has left many travellers uneasy.
What was exposed during the data breach?
According to the notification sent to affected users, the breach involves a wide net of personal details. If you were part of the leak, unauthorised parties may have accessed:
- Full names and email addresses
- Physical addresses and phone numbers
- Specific booking details and reservation history
- Any additional information shared directly with properties (such as special requests or ID details)
In a proactive move to prevent account takeovers, Booking.com confirmed it has already reset reservation PINs for affected accounts to secure existing bookings.
The “invisible” scale
Despite the warning, Booking.com has remained tight-lipped about the true magnitude of the incident. With a platform available in 43 languages and a portfolio of 6.6 million homes and apartments, even a “small percentage” of affected users could translate into thousands of individuals.
“At Booking.com, we’re dedicated to the security and data protection of our guests. In that spirit, we’re writing to inform you that unauthorised third parties may have accessed certain booking information.” the email said.
The company has not yet disclosed how many listings were compromised or how the “unauthorised third parties” gained entry in the first place.
Booking.com is now urging all users to stay vigilant.
Travellers are advised to:
- Watch for “urgent” requests: Be wary of emails or WhatsApp messages from “properties” asking for immediate payment or credit card verification to “save” a booking.
- Verify the source: If you receive a suspicious message, contact the hotel or guesthouse directly through the official Booking.com app rather than clicking links in an email.
- Update security: Use antivirus software and ensure your Booking.com password is unique and not used for other sensitive accounts.
As the platform continues to connect millions to “memorable experiences,” this incident serves as a stark reminder that in the digital age, the most memorable part of a trip shouldn’t be a stolen identity.
