Booking.com has confirmed unauthorized access to its systems exposed sensitive reservation and user data, prompting the company to force users to reset their reservation PINs.
Booking.com detected the breach after identifying suspicious activity within its infrastructure. The company confirmed the incident to BleepingComputer, stating that attackers gained access to a portion of its user database containing reservation details and account information.
The exposed data includes reservation numbers, user names, email addresses, and encrypted booking information. Users with active reservations were notified of the breach and required to reset their reservation PINs—the codes used to access and modify bookings without logging into an account.
Booking.com has not disclosed the exact number of affected users or provided details about how attackers infiltrated its systems. The company stated it has secured the compromised systems and is investigating the scope of the unauthorized access.
Reservation PINs are particularly valuable to attackers because they allow direct access to booking details without requiring passwords. By resetting these codes, Booking.com aims to prevent unauthorized modifications to existing reservations, which could be used for fraud or extortion.
The breach is the latest incident affecting a major travel platform. Booking.com, which processes millions of reservations annually across its platform serving 220+ countries, has faced previous security concerns but maintains its position as a primary reservation service.
The company advised users to monitor their accounts for suspicious activity and contact customer support if they notice unauthorized changes to their reservations. It also recommended using strong, unique passwords for Booking.com accounts and enabling two-factor authentication where available.
Booking.com said it is cooperating with relevant authorities and has notified affected users via email. The company did not specify when the breach was discovered or how long attackers had access to the systems before detection.
Caller ID service Truecaller is pushing back against India's telecom regulator over new anti-spam regulations, claiming users are increasingly blocking calls from the country's dedicated business number series.
Telstra customers faced a second day of disruptions Thursday as a secondary outage prevented some from reaching triple-zero emergency services. Regional train services remained affected following Wednesday's initial mobile network failure.
Australia's government has instructed volunteers to discard thousands of functional test routers despite the devices being capable of being reflashed for continued use.
A lawsuit alleges a man used X's Grok AI to create approximately 7,000 sexually explicit images of his stepdaughter before taking his own life. Multiple young girls are now suing X, claiming the platform failed to prevent the abuse.