Detection of unauthorized access to Booking user data

The cyberattack on the Booking.com booking platform was made public on April 13, 2026, when the company acknowledged that it had detected suspicious activity in its systems. The news began to spread that same day through national and international media, following a notification sent to potentially affected users. The incident involved unauthorized access to certain data related to reservations. Although the full scope of the attack was not initially specified, it was confirmed that it was a significant global security issue. Since then, the case has been closely monitored by cybersecurity experts, authorities, and the media.

In its statement, the company explained that unauthorized third parties had accessed the personal information of some users, including names, email addresses, phone numbers, and booking details. However, it emphasized that financial data, such as credit card information, had not been compromised. Those most affected were customers who had made reservations through the platform, whose data could be used in fraud attempts, particularly through phishing techniques. As an immediate response, the company implemented measures such as resetting security PINs, strengthening its systems, and sending warnings to users to prevent potential scams. Additionally, an internal investigation was launched to determine the exact origin and scope of the incident.

The case remains under investigation as the company works to strengthen its security protocols and collaborate with external experts. Although the attack appears to have been contained, there remains a risk that the stolen data could be used in targeted fraud campaigns; therefore, authorities and the platform itself recommend remaining vigilant.