惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
Latest news
Latest news
P
Palo Alto Networks Blog
T
The Exploit Database - CXSecurity.com
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
AI
AI
阮一峰的网络日志
阮一峰的网络日志
量子位
Project Zero
Project Zero
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Schneier on Security
大猫的无限游戏
大猫的无限游戏
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
K
Kaspersky official blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
Visual Studio Blog
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
博客园 - Franky
Last Week in AI
Last Week in AI
博客园 - 聂微东
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
IT之家
IT之家
I
Intezer
The Cloudflare Blog
月光博客
月光博客
N
News | PayPal Newsroom
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
博客园_首页
罗磊的独立博客
NISL@THU
NISL@THU
爱范儿
爱范儿
Jina AI
Jina AI
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
A
Arctic Wolf
Scott Helme
Scott Helme
Engineering at Meta
Engineering at Meta
P
Proofpoint News Feed

Cyber Daily News

Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ Report: AI-based data incidents on the rise in Australia WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July US Federal Reserve outlines AI's influence on the finance sector Exclusive: Major Australian jewellery brand confirms cyber incident Australian government establishes new Cyber Incident Review Board Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Over 1 in 2 firms have AI privacy concerns: Intuit Exclusive: Prime Properties listed as breach victim by M3rx ransomware Anthropic launches dedicated Claude Security platform to public beta DigiCert launches AI Trust architecture to secure agents, models, and content ‘Rebuilding the enterprise’: How CEOs are preparing for automation Op-Ed: Redefining performance in the AI-powered SOC Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment NZ council cyber attack leads to ID and financial data being exposed ‘Building confidence’: The key to effective AI implementation Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims US Department of War launches cyber-focused apprenticeship program CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Australian government stands up new ‘tripartite forum’ to tackle AI challenges in the workforce Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations ANZ appoints its first chief AI officer Westpac appoints Chief AI Innovation Officer as part of technology push ADF strengthens skills as Cyber Command marks 2 years of operation Sri Lankan government hack sees $3.7m destined for Australia stolen Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful? CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure AI adoption highest for finance and property SMEs, says NAB Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims Q&A: Quantum cryptography will be a “Y2k times 10 problem,” says DigiCert CEO PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC AI is helping young investors get into the property market Australia’s financial regulators are keeping a close eye on Mythos Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Your next car may be designed by AI Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Braclays warns that Mythos could prove a problem for larger banks with legacy systems Report: Data collection by school-backed apps in Australia is out of control and a risk to kids Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware Australian Federal Court embraces AI in new practice note FOI docs reveal information commissioner’s concerns over Age Assurance Technology Trial Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Anthropic co-founder confirms Trump admin was informed about Mythos AI model European Commission’s new age verification app removes privacy risk of third-party data collection Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing CHROs must lead the AI transformation, AI CEO says Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities Kid stuff: Roblox to introduce safety improvements following Aus government warnings ADF joins international military exercise focused on cyber resilience and multi-domain operations The workforces impacted by the ‘AI axe’ OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Report: Aussie youth increasingly turning to AI for mental health advice Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Report: Majority of CISOs not ready for the next big cyber attack Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims AMP to ‘embrace’ AI as tech reshapes banking WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Atlassian’s Confluence gets a dose of AI as standard SaaS loses steam
Booking.com confirms cyber incident, customer reservation data potentially compromised
2026-04-14 · via Cyber Daily News

Hotel and accommodation booking site Booking.com has begun notifying its customers of a cyber incident, confirming that hackers may have gained access to reservation data.

In a notification sent to customers, the site said it had noticed third-party access that impacted reservations.

“We recently noticed suspicious activity affecting a number of reservations, and we immediately took action to contain the issue,” the notice said.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

“Based on the findings of our investigation to date, accessed information could include booking details and name(s), emails, addresses, phone numbers associated with the booking and anything that you may have shared with the accommodation.”

Based on the notice email posted on Reddit, the notices appear to have been addressed from the hotels the customer reservations were with. However, the user who posted the statement said this appears to be an issue with Booking.com as a whole.

“I reported a security breach 15 days ago, and they claimed everything was fine on their end,” the user said.

“Apparently, they are now sending automated emails to many customers, which clearly shows this is not an issue with just one hotel, but likely something related to their booking management app or security systems.

“Given how weak their security appears to be, I’m not surprised. Make sure you understand the risks before booking with Booking.com.”

Booking.com has not clarified whether or not its systems were breached, nor how many people were impacted by the incident.

However, it did confirm that no financial data was accessed, in a statement to SecurityWeek.

“We took quick action and the issues has [sic] been fully contained,” a Booking.com spokesperson said.

“We have updated the PIN number for these reservations and informed our customers accordingly.”

“While no financial or payment information was accessed, we’re also reminding customers to remain vigilant to potential phishing attacks and reinforcing that Booking.com will never ask for credit card details by email, phone WhatsApp or text message, or ask them to make a bank transfer that is different from the payment details in their booking confirmation.”

Speaking with Cyber Daily, Adam Marrè, former FBI agent and chief information security officer (CISO) at Arctic Wolf, said this is an example of threat actors replicating legitimate activity and using social engineering rather than relying on breaking systems.

“What we’re seeing here is how incidents like this can quickly evolve beyond the initial breach. When attackers have access to real booking data, any follow-on messages or activity don’t feel suspicious. They line up with an actual trip or reservation, which makes people far more likely to trust them. It’s a pattern we’re seeing more often, where attackers focus on making their activity look legitimate and catching people at the right moment,” he said.

“This type of social engineering is becoming more common, especially when paired with more technically sophisticated attacks. Cyber criminals count on flaws in human nature for success, and adding real-world context like this only increases their chances.

“The challenge is that this doesn’t rely on breaking systems in obvious ways. It relies on exploiting normal communication flows. In sectors like travel, where there are multiple handoffs between platforms, partners and customers, that creates more opportunities for attackers to step in.

“For consumers, it’s worth pausing before clicking on any unexpected messages, even if they reference a real booking, and going back to the platform directly to double-check. For organisations, it’s a reminder to keep tightening the basics, from identity controls to visibility across partner systems, so this kind of activity is picked up earlier.”


Updated 14/04/2026: Added commentary from Adam Marrè, Arctic Wolf.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

Tags: