Booking.com Customer Data Exposed via Third-Party Vendor Breach
Booking.com confirmed this week that unauthorized parties accessed reservation data for a subset of customers through a compromised third-party service in its booking workflow. Exposed information included full names, postal addresses, email addresses, phone numbers, and booking dates. The company stated its core platform was not directly compromised, with the breach traced entirely to an external vendor. The incident highlights a broader cybersecurity pattern where well-secured platforms remain vulnerable through third-party tools such as notification providers, payment aggregators, and customer-success services. Security experts warn that vendor-chain risks — including overly broad API token scopes and unvalidated webhooks — are routinely underaddressed in standard annual penetration tests.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in