Hospitality.today™

Agoda denies breach claims after 82 million records surface online

Unverified leak allegations deepen scrutiny on data security across Booking Holdings platforms

Apr 22, 2026

Reports have emerged of an alleged data breach involving Agoda, with a threat actor claiming to sell 82 million user records on a hacker forum. The company has firmly denied the claims, stating that the data does not belong to its systems. The allegations follow closely after a confirmed breach at Booking.com, raising broader concerns about security across parent company Booking Holdings. While the authenticity and scale of the Agoda data remain unverified, the incident highlights growing risks around customer data exposure in the travel sector.

Key takeaways

  • Unverified breach claims: A threat actor alleges that 82 million Agoda user records have been compromised, but only a small sample has been reviewed and the full scope remains unconfirmed.
  • Company denial: Agoda has publicly rejected the claims, stating that internal checks show the data is not from its systems.
  • Sensitive personal data exposure: The sample dataset reportedly includes names, email addresses, phone numbers, and Malaysian identity card numbers, which could pose serious identity risks if authentic.
  • Unusual data structure: Researchers noted missing standard booking details, such as stay dates, raising questions about the dataset’s origin and completeness.
  • Timing raises concerns: The allegations come shortly after a confirmed Booking.com breach, prompting questions about potential systemic vulnerabilities within Booking Holdings.
  • Increased phishing risk: The earlier Booking.com incident has already led to a rise in reservation-related scams, highlighting how breaches can quickly translate into real-world fraud.
  • High-risk identity data: Malaysian identity card numbers are particularly sensitive, as they cannot be changed and can be used to strengthen targeted attacks when combined with other leaked data.
  • Broader security implications: Even without confirmation, repeated breach reports within a major travel group may impact trust and put pressure on platforms to strengthen data protection measures.

Source: cybernews

Read also: Booking.com hack highlights rising sophistication of cybercrime

Enjoying this analysis? Hospitality.today delivers daily insights on hotel distribution, AI trends, and travel commerce — straight to your inbox. Subscribe for free at Hospitality.today →

Related must-reads

JOIN 34,000+ HOTELIERS

Get our Daily Brief in your inbox

Consumers are changing the face of hospitality - from online shopping to personalized guest journeys and digitalized guest experiences ...
we've got you covered.

By submitting this form, you agree to receive email communication from Hospitality.today and its partners.