{“lastseen”:”2026-04-16T10:09:11″,”description”:”Travel companies love telling you your data is safe. Booking.com just reminded everyone why that’s a hard promise to keep.\\n\\nThe Amsterdam-based booking giant began notifying customers on April 13 that \\”unauthorized third parties\\” had accessed guest reservation data. The compromised information includes booking details, names, email addresses, physical addresses, and phone numbers\u2014essentially everything you’d need to convincingly impersonate a hotel contacting a guest. \\n\\nThe criminals appear to have accessed the data by compromising Booking.com’s hotel partners. A Microsoft report blames the ClickFix phishing technique, which gets victims (in this case, hotel employees) to install malware disguised a computer \\”fix.\\”\\n\\nMicrosoft blames a criminal group called Storm-1865 for the caper, and caught it running exactly this kind of campaign against hotel workers across across North America, Oceania, South and Southeast Asia, and Europe, deploying nasty malware like XWorm and VenomRAT through fake CAPTCHA pages. \\n\\nBooking.com’s customer notification warned that the exposed data could be used for phishing and said it would never ask for sensitive information or bank transfers. \\n\\nBut scammers have a proven playbook for turning stolen booking data into cash. They can hijack a reservation by impersonating a hotel, message guests demanding a further payment, or credit card details for \\”payment verification.\\” The stolen data gives them everything they need to convince the hotel customer they’re legit.\\n\\nThe UK’s Action Fraud received 532 reports of Booking.com scams like this between June 2023 and September 2024, with victims losing \u00a3370,000 (around $470,000).\\n\\nThis has happened to Booking.com partners and customers before. In 2018, criminals phished hotel employees and accessed data belonging to Booking.com customers. Scammers also conducted a voice phishing campaign later that year that targeted 40 hotels in the UAE. Over 4,000 customers’ data was stolen, including credit card data from 300 people. Booking.com was late reporting the breach to the Dutch privacy regulator, which imposed a \u20ac475,000 fine (around $560,000) in 2021. \\n\\n## **The travel industry ‘s recurring breach problem**\\n\\nBreaches like these are a pattern in the travel business. In January 2026, Eurail disclosed a breach that spilled passport numbers, addresses, and, for some travelers, photocopies of IDs and health data. KLM and Air France had customer data swiped in August 2025. Hertz, Dollar, and Thrifty were all caught in the Cl0p gang’s exploitation of Cleo file transfer software, with criminals pilfering drivers’ licenses and credit card data.\\n\\nWhat’s interesting about all of these incidents is that like the Booking.com data heist, all involve compromise of third parties rather than the travel operations themselves. The travel industry sits on enormous troves of passport numbers, payment cards, and itineraries. And its security posture of sprawling supply chains, franchised operations, and third-party platforms makes it a soft target.\\n\\n## **What you can do**\\n\\nHow many customers were affected? Booking.com isn’t saying. For a platform with over 100 million active mobile app users and 500 million monthly website visits, that silence is concerning. \\n\\nIf you’ve used Booking.com recently, here’s the practical guide to protection. Don’t trust messages asking you to \\”verify\\” payment details, even if they arrive through the platform itself.\\n\\nHere is Booking.com’s own advice about these scams, issued before this latest incident: \\n\\n\\u003e \\”If there is no pre-payment policy or deposit requirement outlined, but you’re asked to pay in advance to secure your booking, it is likely a scam.\\”\\n\\nCheck your booking confirmation email for what you actually owe and when. If anything seems off, contact the property directly, rather than through a link someone sends you. And watch your bank statements. The scammers who exploit this kind of data don’t always strike immediately.\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard. Submit a screenshot, paste suspicious content, or share a link, text or phone number, and we\u2019ll tell you if it’s a scam or legit. Available with Malwarebytes Premium Security for all your devices, and in the Malwarebytes app for iOS and Android.”,”published”:”2026-04-16T08:02:06″,”modified”:”2026-04-16T08:02:06″,”type”:”malwarebytes”,”title”:”Booking.com breach gives scammers what they need to target guests”,”source”:””,”references”:””,”id”:”MALWAREBYTES:37CA873A62B33E16DE1593B019648497″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/data-breaches\/2026\/04\/booking-com-breach-gives-scammers-what-they-need-to-target-guests”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-16T10:09:11″,”description”:”Travel companies love telling you your data is safe. Booking.com just reminded everyone why that’s a hard promise to keep.\\n\\nThe Amsterdam-based booking giant began notifying…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-47417","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n