Booking.com has warned customers that "unauthorised third parties" may have accessed their names, emails, addresses and phone numbers.
In an email to customers, the OTA said it recently noticed “suspicious activity affecting a number of reservations and we immediately took action to contain the issue”.
Based on its investigation “to date”, Booking.com said information accessed could include booking details and name(s), email address(es) and phone number(s) associated with the booking and “anything that you may have shared with the accommodation”.
The platform has since sent new pin codes for affected users and warned its customers about the incident.
“If you have received suspicious emails or phone calls, these could be from malicious actors pretending to represent the accommodation or Booking.com.”
There have been customer reports of phishing emails, calls, and WhatsApp messages that appear to target bookings. Multiple users have additionally taken to online forums citing confusion over emails informing that their confidentiality code had been changed.
The OTA said financial information was not accessed from its systems.
It is not known how many people have been affected.
The company, which is headquartered in Amsterdam, lists more than 30 million accommodation venues around the world.