Have you been hacked? This is what I found

Ann72
Level 10
New York, NY

Have you been hacked? This is what I found

Several hosts have posted recently about being hacked, and I've been getting more emails than usual from friends reporting hacked Instagram and Facebook accounts.  Nerve-wracking!

 

It seemed a good time to look into things, so I went to Account -> Login & Security, and checked out my device history.  All looked good.  (You can also click this link:  https://www.airbnb.com/review_your_account.)

 

To the right of Login & Security, there's a box that says "Your account security: Medium," so I clicked through to see what could be improved.  It asks to verify your phone number by sending a code.  But I kept getting a message from @Airbnb saying "We can't send a code to this phone number. Try using a different one."  It's a US cell phone number.  I get codes sent to it all the time.  How can I improve my account security if Airbnb can't do its part?

 

Though it's a small thing, it really makes me wonder how secure our accounts really are.

 

29 Replies 29
Colleen253
Level 10
Alberta, Canada

@Ann72 Security is very iffy. It’s something I worry about, just slightly less than I do about when it will be my turn to be in the ‘missing payouts’ penalty box. Like you, I check my account etc. regularly, and change my password often. 

It's unconscionable.  Have you ever tried to log in to a magazine site for which you have a print subscription?  It's almost impossible.  I mean seriously it's like trying to break into the Federal Reserve.  And yet Airbnb, with all our payment info and personal info from guests?  Piece of cake.

John5097
Level 10
Charleston, SC

@Ann72 

Thanks for the heads up. BTW the link you posted doesn't go to the page you specified. 

Need to go to Account  in Profile and find it there. 

I also had the medium security, which seemed odd as I had verified phone number, yet asked to do it again, as you described, and no problem verifying it again. 

Does yours match the number for your account in personal info? That's all I can think of. 

You should be able to verify your phone number. This sets up two step authentication. I'm guessing host getting hacked don't have a verified phone number? 


Annoying about the link @John5097.  Perhaps one can click through from this page:  https://www.airbnb.com/help/article/501/help-secure-your-account

 

My profile doesn't have "settings" in the drop-down.  It has Account, and from there you can go to Login & Security.  I have professional tools - perhaps that's the difference.

 

The phone number is the same one I've had since I started hosting in 2015.  They call me on it.  They use it to log me in.  They send notifications to it.  It's irritating that this simple tech point doesn't always work, apparently.

 

 

@Ann72

I edited that it is in Account in Profile.

Well that's what's important is that you get a code sent to your phone to sign in. Not clear why we would need to do that again? It suggest doing it every years, so maybe  incase someone changed numbers and didn't verify phone again?

BTW.. I did notice a location I didn't recognize that had signed in in the history, in San Francisco, so manually disconnected them all and reset password also, although think that was just a bug, as no other indication of been hacked, or maybe there was a data breach in SF? Although could be anything I suppose. So good idea to check everything and update all the suggested security measures. 

 



I also just read the article you posted. A sign in code can also be sent to email address. Never heard of that before. I'm not sure how its done but emails are easily hacked and can't be trusted at all.  


From the help article. 

Additional security features

  • Understand multi-factor authentication: If you log into Airbnb from a new place or device—or edit sensitive account information—you could be asked to confirm it’s really you. You may need to enter a security code sent to your phone or email, or verify some of your account details. You might also get an account alert in case someone is trying to access your account.

Were you able to click through to "review your account," @John5097?

@John5097  Yes, as mentioned I was able to verify my phone number again. I've also always had a code sent to phone. There is no indication my account has been compromised except the device history log in location. 

The mention of option to send code by email seems suspicious though. 

I'll review my account more regularly for any suspicious activity. Mine is as secure as the user settings will allow. 

You were able to click through from the page at the second link I posted @John5097?

There might be people who prefer to get an email over a code sent to their phones @John5097.  It's often given as an option on other platforms.  I agree it's not as secure, though!

@Ann72 An option would include a choice by clicking a box to either code by phone or email. But it’s done by default so not sure when email code might be sent instead instead of phone code if both have been verified? 

@Ann72 @Thanks for the info you posted. As I said some things just seem “suspicious” I’m not trying to limit peoples options just enourging phone verification and updating security protocols. 


As recent hacks seems to have exploded a weakness, and creating dozens of fraudulent listings reported here at at CC.

 

Edit: my suspicion over email verification was in reference to you claim that signing into on line magazine subscription was like breaking into ft Knox’s, while Airbnb was lax protocol. I also mentioned verifying phone number acted as two step verification which may not have been clear and standard way to improve security. 🙂

John5097
Level 10
Charleston, SC

PS.. you could send one of community managers (admins) a message a request your first like be removed. It directs to a page that request a new password change. @Ann72 

Emilia42
Level 10
Orono, ME

@Ann72 You've inspired me to do the same. I was able to verify my phone number to make my account more secure. But why wasn't it verified in the first place? Airbnb should prompt hosts/guests to do this on a regular basis to make sure all methods of contact are up to date, let alone a secure account. I also changed my password which hadn't been done in two years and I removed my saved credit card details.