Booking.com Data Leak: Reservation Info Used For WhatsApp Phishing

On 2 April 2026, I made a hotel reservation in Greece through Booking.com while logged into my account. Some time after the booking, I was contacted on WhatsApp by a Pakistani number that had my Booking.com reservation details and my personal information. This person wrote to me using my booking data and sent me a phishing link, asking me to click on it. I understood that this could be a serious data and security issue and reported the situation to Booking.com, including screenshots and all relevant evidence. Each time I contacted customer service, I was told that they would get back to me within 24 hours, but they did not keep this promise. Instead, I had to repeatedly follow up myself whenever their stated SLA expired. After approximately 18–20 days of this back-and-forth, I was finally told that Booking.com is “just a third party,” which to me is an unacceptable response given the circumstances. In my opinion, data security is not a real concern for Booking.com in this case. They did not take my situation seriously and did not offer any real solution to address the issue I reported.