While no financial data was stolen in the recent Booking.com cyberattack, cybersecurity experts warn that the true danger lies in how the exposed information could be used for highly targeted fraud.
According to Richard Ford, Group CTO at Integrity360, the risk lies in something far greater than financial data.
“Given the scale of Booking.com, this has the potential to impact a huge number of people, even without financial data being exposed. The real risk comes from the details around bookings.”
Ford further explained: “That information allows attackers to create highly convincing messages, whether that’s a WhatsApp, email, or phone call that feels completely legitimate. What makes this more dangerous is how normal these interactions already are.”
He stated that because customers are used to receiving links for check-in, property details, or follow-ups after a stay, attackers can easily slip in malicious links that can steal information or compromise devices.
Ford warns: “This isn’t limited to upcoming trips either. Past bookings can be used to send believable follow-up messages, which many people are less likely to question. The safest approach is to avoid clicking on links in unexpected messages and go directly to the Booking.com app or website to check any communication. For businesses, it underlines how quickly exposed data can be used to target customers in ways that are difficult to distinguish from genuine contact.”
The accommodation reservation giant recently alerted customers that unauthorised third parties had successfully accessed guest booking information. According to emails sent to impacted users, the compromised data could include names, email addresses, phone numbers, booking details, and any personal communications shared with the accommodation.
A spokesperson for the company, which is headquartered in Amsterdam and lists over 30 million venues worldwide, confirmed to the media that financial and payment information was not accessed. The exact number of customers affected by the breach currently remains undisclosed.
Booking.com has not provided technical details explaining exactly how the attackers breached its systems. The platform stated it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information”.
Upon discovering the intrusion, the company stated it immediately took action to contain the issue. To secure user accounts, Booking.com has updated the PIN numbers for affected reservations and directly informed the impacted guests.
This data breach is the latest in a series of cybercrime issues plaguing the travel platform. Booking.com has recently struggled with a rising number of online scams in which fraudsters ask customers to verify payment details before a trip and then charge them high amounts. Multiple users have recently reported being contacted by scammers using what appeared to be real reservation details, though it is not yet confirmed whether these scams are directly linked to this newly disclosed breach.
The company has faced similar vulnerabilities in the past; in 2018, criminals successfully used phishing tactics to steal login credentials from hotel employees in the UAE, compromising the booking data of more than 4,000 people.