But the Dutch company is refusing to say how many people have been affected and in which regions.
The platform says it has seen almost seven billion check-ins since 2010, making it one of the largest travel services in the world.
In emails to customers seen by the BBC, the company said: “We recently noticed suspicious activity affected a number of reservations and we immediately took action to contain the issue.”
It goes on to say that criminals were able to access names, email addresses, phone numbers and details about past and present bookings.
It said customers’ financial information was not accessed from its systems.
Experts warn this kind of data will be extremely valuable to fraudsters who are now racing to trick unwitting customers.
Cyber-security firm Norton has dubbed the scams “reservation hijacks” because criminals have contacted Booking.com customers pretending to be hotels in order to trick victims into sending them money based on bogus reservation problems.
“Reservation hijack scams have been around for some time, but this new data makes them much more dangerous because it gives criminals precision as they can reference the real property, the real travel dates, the right contact details to make the scam feel like routine customer service,” said Luis Corrons, security evangelist at Norton.
Booking.com told the BBC guests should remain vigilant to potential phishing attacks.
“Booking.com will never ask guests to share credit card details by email, over the phone, Whatsapp or text, or ask guests to make a bank transfer that is different from the payment policy details in their booking confirmation,” it added.
Click Here For The Original Source
