Hackers accessed Booking.com customer data via hotel systems, exposing personal details in phishing attacks, Dutch authorities warn.
Cybercriminals have accessed customer data linked to Booking.com, using compromised hotel systems to launch targeted phishing attacks against travelers.
According to authorities, the breach did not originate from Booking.com’s central systems. Instead, attackers gained access to hotel accounts connected to the platform, allowing them to view booking details and contact information.
Using this access, hackers sent fraudulent messages to customers posing as legitimate communications from hotels. Victims were often asked to confirm payment details or provide credit card information through malicious links.
Investigators said the attackers were able to see names, booking references, and contact details, making the phishing attempts appear highly convincing.
The incident has raised concerns about the security of third-party systems integrated with major travel platforms, where weaker protections can be exploited to gain indirect access to sensitive customer data.
Dutch fraud and cybersecurity agencies warned travelers to be cautious of unexpected messages related to their bookings, especially those requesting urgent payments or personal information.
Booking.com stated that its own systems were not breached and emphasized that it is working with partners to improve security and prevent further incidents.
Authorities say investigations are ongoing as they track the groups behind the phishing campaign and assess the full scale of the data exposure.
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
