VulnHub

Real-time Cybersecurity News

Booking.com Says Hackers Accessed User Information

SecurityWeek
Data Breach

Overview

Booking.com has reported that hackers gained access to user information, although the company has not disclosed how many customers were affected. They have stated that the situation has been contained, but specifics about the type of data compromised remain unclear. This incident raises concerns for users who may have shared sensitive booking details on the platform. Protecting user data is crucial for maintaining trust in online services, especially in industries like travel where personal information is frequently exchanged. Booking.com will likely need to assess its security measures to prevent future breaches and reassure customers about their data safety.

Key Takeaways

  • Affected Systems: Booking.com user accounts and associated booking information
  • Timeline: Newly disclosed

Original Article Summary

The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek.

Impact

Booking.com user accounts and associated booking information

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

New Booking.com data breach forces reservation PIN resets

BleepingComputer

Booking.com has reported a data breach involving unauthorized access to its systems, which has compromised sensitive reservation and user data. The company is urging affected users to reset their reservation PINs as a precautionary measure. This incident raises significant concerns for travelers who use the booking platform, as the exposed data could potentially be used for fraudulent activities. Booking.com has not disclosed the exact number of users affected or the specific data that was accessed, but the breach underscores the ongoing risks associated with online booking systems. Users are advised to monitor their accounts for any suspicious activity and to take steps to secure their information.

Apr 13, 2026

On Anthropic’s Mythos Preview and Project Glasswing

Schneier on Security

Anthropic has introduced a new AI model called Claude Mythos Preview, which has raised concerns in the cybersecurity community due to its potential for cyberattack capabilities. To mitigate these risks, Anthropic is not releasing the model to the public and has initiated Project Glasswing. This project aims to test the model against a variety of software—both public and proprietary—to identify and fix vulnerabilities before they can be exploited by malicious actors. The focus on preemptively addressing weaknesses highlights the growing intersection of AI technology and cybersecurity. As AI models become more advanced, the potential for misuse increases, making it crucial for companies to stay ahead of potential threats.

Apr 13, 2026

Mirax Android Trojan Turns Devices Into Residential Proxy Nodes

Infosecurity Magazine

Security researchers have identified a new Android banking trojan called Mirax, which is targeting users across Europe. This malware utilizes a method known as Malware-as-a-Service (MaaS) to infect devices, allowing cybercriminals to gain remote access and turn affected smartphones into residential proxy nodes. By doing this, attackers can route their malicious activities through the compromised devices, making it harder to trace their actions back to them. This poses a significant risk to users, as their personal data and banking information could be at risk. The emergence of Mirax highlights ongoing vulnerabilities in mobile security and the need for users to remain vigilant against such threats.

Apr 13, 2026

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

BleepingComputer

A new infostealer called 'Storm' has emerged, capable of hijacking user sessions by decrypting data on the server side rather than locally. This technique allows attackers to bypass traditional security measures like passwords and multi-factor authentication (MFA). Researchers from Varonis have demonstrated how the infostealer sends sensitive browser data directly to the attackers' servers, raising significant concerns about user privacy and account security. The implications are serious, as organizations relying on standard security protocols may find themselves vulnerable to these sophisticated attacks. Companies should be vigilant and assess their security measures to protect against this evolving threat.

Apr 13, 2026

BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings

SecurityWeek

Recent allegations suggest that Microsoft is engaging in corporate espionage through its LinkedIn browser extension, raising concerns about user privacy. However, security researchers are analyzing these claims and have found mixed results regarding the extent of data collection by the extension. While some users are worried about their information being tracked or misused, the research indicates that the data collection practices may not be as invasive as initially claimed. This debate over LinkedIn's data handling practices is crucial as it could impact user trust and privacy standards across similar platforms. Understanding the reality behind these accusations is important for users who rely on LinkedIn for networking and job opportunities.

Apr 13, 2026

AI browser extensions more likely to have known vulnerabilities, report says

SCM feed for Latest

A recent report indicates that AI browser extensions are more likely to contain known security vulnerabilities compared to other types of extensions. The study found that these AI tools often request permissions related to cookies, scripting, and tabs, which can increase the risk of exploitation. Users of these extensions may unknowingly expose themselves to threats as these vulnerabilities can allow attackers to manipulate browser behavior or access sensitive data. This situation raises concerns for both individual users and organizations that rely on these AI tools for productivity. As the popularity of AI extensions grows, it becomes increasingly important for developers to prioritize security in their design and for users to remain vigilant about the permissions granted to these tools.

Apr 13, 2026