**Booking.com**, a leading online travel platform, has acknowledged a security incident where unauthorized third parties gained access to some users' booking data. This breach has prompted the company to take immediate action, including mandatory PIN resets for both current and historical reservations. ### Breach Details The breach was confirmed in a statement to BleepingComputer by **Booking.com**. The compromised data potentially includes: * Full names * Email addresses * Postal addresses * Phone numbers * Communications shared with property providers Users began reporting suspicious emails over the weekend, purportedly from the official `[email protected]` address, warning of a cybersecurity incident. These emails included updated PINs for reservations and cautioned users against suspicious communications, reminding them that **Booking.com** would never request sensitive information or bank transfers. According to the company's notification: "At **Booking.com**, we are dedicated to the security and data protection of our guests. In that spirit, we're writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation." ### Company Response **Booking.com**’s communications lead, Sage Hunter, issued the following statement: > “At **Booking.com**, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.” - Sage Hunter, **Booking.com** The company stated that affected users would be notified individually and that customer support is available 24/7 in multiple languages. ### User Reports and Scams Some users on Reddit have reported being targeted by scammers with access to private reservation details. While it's unclear if these incidents are directly related to the disclosed breach, users are advised to exercise caution when interacting with unsolicited communications regarding their **Booking.com** reservations. Caution is also advised when receiving emails that appear to come from the booked property or **Booking.com** itself, as the service recommends not clicking any links in such messages.