Revision History

1 revisions for "Booking.com's Reservation Hijacking Breach Exposes a Recurring Security Failure"

Booking.com confirmed on April 13, 2026 that unauthorized parties accessed customer reservation data including names, emails, phone numbers, and booking details, triggering a wave of targeted phishing scams against travelers. The breach mirrors a pattern of supply-chain attacks through hotel partner credentials that has persisted since at least 2018, raising questions about GDPR compliance and whether the company has structurally addressed known vulnerabilities.