Double-Check Your Travel Reservations. Booking.com Hit by Data Breach

The site warns that hackers accessed data, including booking details, names, email addresses, and phone numbers associated with the booking.

Michael Kan, Principal Reporter

Popular travel site Booking.com has suffered a data breach in which hackers stole customer information, including reservation details. 

On Sunday, users reported receiving emails from Booking.com, warning them that “unauthorized third parties may have been able to access certain booking information associated with your reservation.” The email suggests the hackers have already exploited customer information.

“We recently noticed suspicious activity affecting a number of reservations, and we immediately took action to contain the issue,” Booking.com wrote. “Based on the findings of our investigation to date, accessed information could include booking details and name(s), emails, addresses, phone numbers associated with the booking, and anything that you may have shared with the accommodation.”

Amsterdam-based Booking.com has now generated new PINs for customer reservations to prevent hackers from accessing them. The company is also clarifying that no users' physical addresses were accessed, suggesting address information for lodgings was compromised instead. "While some email addresses may have been accessed, no physical addresses were accessed," the company said.

Still, the incident risks exposing affected customers to potential phishing scams. A few Reddit users have already reported receiving scam messages on WhatsApp about their reservations. But we wonder whether the hackers may have been exploiting the breach for a while. The Australian Broadcasting Corporation reports that one Booking.com user received a phone call in December from someone who claimed to be a Booking.com agent but was actually an imposter out to steal his credit card details.

Asked for comment, Booking.com merely said, “We are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.”

The company did not say how many users were affected or who might be responsible for the breach. In the meantime, some customers say they’ve received multiple emails about the breach, prompting them to reach out on social media to ask Booking.com if the emails are legitimate.

Booking.com describes itself as one of the leading providers for online travel, covering over "31 million total reported listings" for lodging.
