Did you recently book a hotel or a flight for your vacation or a family visit using Booking.com? You need to pay attention. Hackers have broken into the company’s systems, and customer data has been exposed. Now, scammers are using that information to try and empty bank accounts.
What exactly happened?
In April 2026, Booking.com confirmed that unauthorized persons gained access to the data of a large number of customers. The stolen information includes your name, email address, phone number, and home address. Even more dangerous: the hackers can see exactly which hotel you booked and your travel dates.
The good news: Booking.com states that your full credit card details and passwords were not stolen. However, by knowing your name and your exact travel plans, thieves can create very convincing lies to trick you into giving them money.
How are they trying to trick you?
The hackers are using a sophisticated trick called “phishing.” Because they know which hotel you are staying at, they send you a message that looks 100% official. This often happens through the official Booking.com app or via WhatsApp.
The most common trick:
“There is a problem with your payment. You must re-verify your credit card details within 24 hours via this link, or your booking will be cancelled.”
Because the message often appears inside the official chat of the app, many people think it is safe. But the link in that message sends you to a fake website that looks exactly like Booking.com. The moment you enter your details there, the thieves take your money.
3 Tips to stay safe
- Never pay via a link in a chat: Booking.com will never ask you to pay or “verify” your card via a random link sent in a message. Official payments are always handled through their secure checkout page.
- Watch out for “Urgency”: If a message tells you that you must act “Right now!” or “Within 12 hours,” it is almost always a scam. Scammers use pressure to make you stop thinking clearly.
- Call the hotel yourself: Are you worried there really is a problem? Don’t click the link. Instead, look up the hotel’s phone number on Google and call them directly to check.
What should you do if you received a message?
Booking.com has sent emails to many users about a new PIN code for their reservations—this is a security measure they took to protect you. That part is real. But be extra alert for any WhatsApps or messages that follow.
The bottom line: No need to panic, but be “vif” (sharp). Do not trust any link asking for your money or card details, even if it looks like it’s coming from your hotel.
