Booking.com confirmed that unauthorized third parties accessed user booking information, including full names, email addresses, postal addresses, phone numbers, and communications. The company responded by forcing PIN resets for affected reservations and notifying users.
Initial Access
Unauthorized System Entry
confirmed
Unauthorized third parties gained access to Booking.com's systems, enabling them to view sensitive booking information.
Defender cut points
Implement robust access controls and least privilege principles for all internal systemsEnforce multi-factor authentication for all administrative and critical system accessRegularly audit and monitor access logs for unusual activity
