Booking.com has confirmed a massive cyberattack that has resulted in the leak of personal data of its clients. The incident affects users and hotel establishments in Andorra that managed vacation bookings through the platform.
The security breach has exposed full names, email addresses, phone numbers, and specific details of active reservations. Those affected have begun to receive fraudulent messages via WhatsApp and email requesting banking information under the premise of confirming supposed reservations.
Scammers simulate urgent payment validations
The criminals use the leaked information to execute highly targeted fraud campaigns. The fake links simulate validating pending payments or reservations with the objective of stealing banking credentials from unsuspecting users.
Cybersecurity experts warn that the combination of personal data and travel details facilitates identity theft. The accuracy of the information allows attackers to generate a false sense of urgency and legitimacy in their communications.
Several hotels in Andorra have initiated warning protocols to their guests upon detection of these fraud attempts. The establishments clarify that they never request additional payments through instant messaging applications or unverified external links.
The company assures that sensitive financial data remains intact. Customers' credit card numbers and bank accounts have not been compromised.
Company Resets PINs and Strengthens Internal Systems
As an immediate containment measure, the platform has proceeded to reset the access PINs of affected users. In addition, it has reinforced its internal security systems and sent massive warnings to millions of customers to prevent unauthorized access.
Booking.com has initiated an internal investigation in collaboration with external cybersecurity experts. The technical team's objective is to determine the exact origin of the attack, assess the real scope of the breach, and implement barriers to prevent new intrusions.
Authorities recommend extreme caution in the coming weeks. The risk of leaked data being used in new digital fraud campaigns persists as cybercriminals exploit the stolen database.
It is advised not to access suspicious links or provide banking information outside of the company's official channels. Users should check the status of their reservations directly on the official Booking app or website and contact the accommodation in case of doubt.
Activating two-step verification constitutes an essential preventive measure. Distrusting urgent messages about payments or reservation modifications significantly reduces the probability of falling into these digital traps.