Hi Airbnb team,

Please introduce 2-factor authentication as a possible security option.

I received an email this morning that someone had changed the email on my Airbnb account to a @163.com address, which is commonly used in China. Fortunately they had not thought to change my password so I was able to immediately log in, change the email back, change my password, and delete all payment methods associated with the account. As far as I know I haven't actually lost any money as a result of this. Thank you for having these email notifications.

In the Security section I noticed that someone had accessed my account from Haikou, China earlier in the month, and that someone had then accessed my account from Toronto, ON and attempted to book a listing in Myanmar (https://www.airbnb.ca/rooms/21831252) which did not go through (Verification Failed). The listing itself has no prior reviews so it's possible it was set up as a part of an operation to simply siphon off cash.

I'm not sure how they were able to log into my account at all, as I thought that Airbnb enforced 2-factor auth whenever someone tries to log in from an unknown IP address (https://www.airbnbcitizen.com/prevent-account-takeovers/). 

Whether this happened because of a phising scam, a brute-force guess, or genuine hacking, it's hard to tell. Maybe your security team can tell me more. But this is quite scary (my Airbnb profile has so much personal information - emails, phone numbers, addresses, payment methods!), and I think something like this could have easily been prevented through the use of 2-factor. It's a small inconveniece that I would gladly accept in exchange for the added security. Please have your security team consider it. Thanks.