Log In  
Community Cafe

Account hacked. What was accessed and what now?

‎02-06-2020 10:18 AM
Heather1066
Level 1
London, United Kingdom
‎02-06-2020 10:18 AM

Account hacked. What was accessed and what now?

This morning I received a call and verification code from Airbnb that I didn't request. I logged into my account to find 4 different sessions I didn't recognise, 3 from march and April in China, and one from this morning when I recieved the verification codes. I logged them all out and changed my password.

 

My questions are...

 

Were these 4 different sessions actually logged in to my account?

 

What information could they access? My password, passport, payment details, address, email address?

 

Why was I not notified of suspicious activity eg log ins from China when Airbnb knows I'm based in the UK. 

 

Why is Airbnb requesting me to log in using a 4 digit verification code rather than my email and password? This seems much less secure ie easier to brute force a 4 digit numerical code than a long random password. When did this change happen and what's behind it? I assume all 4 of the people who gained access to my account did it this way. 

 

I've changed my password but I'd like to know what password was on my account during this period in case it has been compromised, is there any way to do this?

 

What should I do now?

 

Many thanks

 

 

 

‎02-06-2020 10:18 AM
2 Replies 2
‎02-06-2020 12:12 PM
Elena87
Level 10
СПБ, Russia
‎02-06-2020 12:12 PM

@Heather1066 

 

First thing is to check if your email was breached on a site such as 

 

https://haveibeenpwned.com/

 

If you are in the habit of always using the same password, your airbnb account can be hacked by criminals using credential stuffing software, likely to be the source of the compromise.

 

On viewing your airbnb account, you can see that there are some personal details listed and available to see.

Bank details show only last four numbers. Passwords are not listed. 

You can review airbnb notifications that can alert you whenever a new device is used to log in.

If you are an occasional user as a guest, it's good practice to remove payment details when not using your account.

 

Usually the point of hacking is to divert genuine payments due to hosts, collusion bookings to fraudulent hosts, to launder stolen bank cards through airbnb or simply pure mischief.

 

Do check over airbnb messages including archived messages for any further suspicious changes and call the service centre to report 

‎02-06-2020 12:12 PM
‎03-06-2020 02:35 AM
Yadira22
Level 10
London, United Kingdom
‎03-06-2020 02:35 AM

@Stephanie @Lizzie @Nick @Liv @Quincy 

 

Could any of you best advice @Heather1066 thanks 🙂

‎03-06-2020 02:35 AM
0 Likes

More from Community Cafe

Explore Resource Center articles