Something just happened that I recognized as a vulnerability in airbnb 2 step login all that would be needed is your email to have been hacked/exposed. Here is how it would have been vulnerable at least for me.  First off I have my home phone and voicemail through comcast and I'm sure as do millions of others. I have my comcast voice mail set up to trap and stop most spam, those it feels are spam get directed straight to my voice mail without my phone ringing. So if someone had hacked my email they could attempt to login to airbnb and go through the 2 step process my voice mail transcription forwarding would instantly send me an email with the 2 step code transcribed. The hacker would get the code. Many VPN systems I use have 2 step phone verification similar to this but to avoid it you must answer and press a key like # on your phone before the code is given. This prevents my voice mail from automatically answering and the system just blurting our the code.