Hackers have struck one of the world’s biggest travel platforms, Booking.com, in a global data breach that has exposed sensitive reservation details of users, including thousands of African travellers.
The massive cyberattack has raised fresh concerns over the safety of personal data in the digital tourism economy for millions of African travellers who rely on the convenience of digital platforms to book accommodation from Cape Town getaways to Zanzibar holidays.
The Amsterdam-headquartered travel giant has confirmed that “unauthorised parties” accessed customer reservation data after detecting suspicious activity within its systems.
While the company did not disclose the number of users affected, it moved quickly to contain the breach by resetting booking PINs and notifying the impacted customers.
“Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests,” Booking.com said in a statement.
The implications are a major concern in Africa where Booking.com has a dominant footprint across the continent, particularly in South Africa, where it handles almost 50% of online accommodation bookings and lists more than 41 500 properties across 1500 towns.
Furthermore, its reach in the continent extends into key tourism markets including Morocco with approximately 47 862 listings, Egypt (34 418), Kenya (22 711), and Mauritius (5 536), making it a critical digital infrastructure layer for Africa’s travel economy.
Owned by Booking Holdings, the platform connects millions of users globally and has become a default booking tool for both African travellers and international visitors to the continent.
According to Booking.com, the breach was uncovered on Monday through internal monitoring systems that flagged unusual access patterns linked to reservation data. Early investigations suggest that attackers were able to view sensitive booking information, including names, email addresses, phone numbers, travel details and any additional information shared with accommodation providers.
Crucially, the popular digital tourism site says no financial or payment data was accessed. However, some of the initial cybersecurity fears were that the affected targets were left open to highly targeted phishing scams.
Indeed, users have already reported receiving fraudulent emails, WhatsApp messages and phone calls from individuals posing as hotel staff or Booking.com agents, attempting to extract payment details or push fake “verification” requests.
The incident adds to a growing pattern of cybercrime targeting travel platforms. In 2018, a phishing attack on hotel partners exposed booking data of over 4 000 users, highlighting systemic vulnerabilities in the sector.
Share
