Booking.com confirms massive data breach that could impact millions of travelers — how to stay safe

The travel site, Booking.com, has suffered a data breach that exposed customer data associated with reservations made on the platform. The company reportedly took immediate action forcing PIN resets for existing and past reservations.

Impacted users will receive an email about the breach but so far, Booking.com has declined to disclose how many people may be affected by the breach.

Booking.com is an online travel site that lets you book cars, flights, hotels, taxis and other travel related expenses. Like Expedia or Priceline it acts as a middleman between travelers and providers.

Redditors in the booking.com subreddit reported receiving an email about the breach over the weekend where the PIN reset was revealed. Reportedly, the email said compromised data included: full names, email and postal addresses, phone numbers and some communications shared by hospitality providers.

"At Booking.com, we are dedicated to the security and data protection of our guests. In that spirit, we're writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation," the email reads.

There was some confusion from people who received the emails because nothing was sent out via the Booking.com app, meaning some people questioned the emails legitimacy.

However, a communications rep with the company confirmed the breach to BleepingComputer, saying:

“At Booking.com, we are dedicated to the security and data protection of our guests. We recently noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests," Sage Hunter of Booking.com told the site.

How to stay safe after a data breach

Booking.com platforms over "30 million accommodations" per its website and services hundreds of millions of customers. With potentially millions of people affected, it's best to get ahead of any potential malfeasance enacted with your stolen information.

Normally, a company exposed in a data breach offers free access to one of the best identity theft protection services. However, it's unclear if Booking.com is doing so for this breach. You may want to avail yourself of one of these services regardless.

I saw some Redditors saying that they received multiple emails about the breach. Booking.com does have a page with trusted emails. If any of your the email addresses you receive purporting to be from the platform aren't on that list I would delete the email.

Keep an eye out for potential phishing emails in general and try not to download malicious attachments that are designed to infect your devices with malware. Be sure to protect your PC or Apple comptuer with the best antivirus software or the best Mac antivirus software.

Impacted users should start seeing emails from Booking.com if you haven't already. If you aren't seeing one, be sure to check your spam folders, just in case but be wary of bad email addresses. Likewise, you may get a data breach notification in the mail shortly so be on the lookout for that as well.

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Subscribe to Tom's Guide on YouTube and follow us on TikTok.

More from Tom's Guide

• ‘Don’t be a victim!’ NSA warns to reboot your router right now
• Comcast is paying $117 million in data breach settlement — how to file your claim and how much you could get
• Don’t call that number: Dangerous new Apple Pay scam tricks victims into picking up their iPhones