Host account breach 9/28/2020


I'm sure Airbnb will be notifying hosts about this security breach as quickly as possible- most of this can be verified online and is starting to make headlines.

 

It appears that Airbnb host accounts may be at risk. I suggest all hosts change their passwords and verify notifications are set to ON.

 

Here's what happened to me at 8:30 this morning: I caught an unauthorized change to my payout account- one notification from Airbnb came through via text, then instantly about 150+ random spam text messages and emails followed. This is a professional attempt to bury the one alert notification that you'll receive.

 

I knew what this meant. I immediately went to my computer and logged into my email and my Airbnb account & saw that they'd changed my payout method, changed my payout address, and set all my notification settings to "OFF."

 

They did not change my password.

 

My account password was a 15-digit, unique password with symbols, numbers, & varying cases, and they're never reused, duplicated, or modified- they're completely unique to every account I have.

 

This scenario means that the hack came from the Airbnb system, and not from having my account info leaked. This wasn't a single, individual's hack. This is the result of a major Airbnb security breach.

 

HERE'S the resulting problem:

 

The host system ALSO HOLDS hosts' tax info (full legal name, social security number), a copy of the drivers license (photo id, full legal name, home address, & DATE OF BIRTH), your banking info, your credit card info, and your connected social media logins, as well as whatever public facing data you share on your profile.

 

This is a major security breach, and I'm sure they'll be notifying hosts as quickly as possible.

 

I recommend changing your password and checking your notification settings. Since my info was changed by the hackers, I have also cancelled the credit card that Airbnb has on file, and I've frozen my credit with the three main credit bureaus.

 
 
Emiel1
Level 10
Leeuwarden, The Netherlands

@April117 

Ai, this sounds alarming.

You informed Airbnb about it?

Yes, I did. It took about 25 minutes to get someone on the phone who was unable to help. She promised a callback and tagged my message as urgent, but 8 hours later, no callback. I also communicated via the message system and gave them all the data, and this was the response:

 

I have found it.. well, alarming and not helpful.

 

[Image: airbnb response.jpg]

Ann72
Level 10
New York, NY

@April117  Thank you.  @Emily352 posted about this recently too and I've changed my password - thanks both for the heads up.  https://community.withairbnb.com/t5/Hosting/Airbnb-accommodation-privacy-breached-through-online-gli...

 

Helen427
Level 10
Auckland, New Zealand

Coincidentally ??? Microsoft did an update on THEIR Data Protection on their website on the 28th & 29th September BUT did you tell your CUSTOMERS BILL GATES of any unlawful activities that may have compromised their PRIVATE data and internet systems & access?

 

Perhaps it's time you sorted out and kept to making sure your businesses are acting in accordance with laws, International Laws.

I don't understand what you're saying. I'm supposed to tell my customers something about Bill Gates? I'm sure I don't understand what that's about.

Helen427
Level 10
Auckland, New Zealand

@April117 

 

If you look up Microsoft Data Breach online, Microsoft did an update on their Data Protection Guidelines the same day as you had IT issues as did many others around that time with their accounts - there are others who have shared their stories about recent Data breaches here in ABB CC.

 

Do you use Microsoft accounts? Or devices?

 

Perhaps bc we are all so reliant on Microsoft in some way or another.

 

In light of the current world situation, there are people who take advantage of weaknesses in security systems, people are confined to home & away from workplaces where those things may have been picked up on faster & addressed.

IF there's something we should be told about relating to any Data Protection breaches just like other companies do they should tell us.

 

Be mindful 5G towers have been attacked across the world and maybe some of those are along the routes our data travels on and have been compromised along the way.

Anything's possible these days.

 

* As an aside, when replying it's helpful to include the @ tag with the person's name, if it doesn't come straight up I find trying to remember the numbers after the name helps locate it easier to tag someone. @April117 

 

 

 

There's very strange things going on in the world.

 

 

@Helen427 

Hi Helen, no, my host account was breached directly from Airbnb- as noted in the first post, many of my critical, internal settings had been changed. As a Federal employee I already have my personal info monitored on the dark web. A week after I was notified that my info that Airbnb has (my SS, drivers license, bank account, email address, and date of birth) are now all floating around the Dark Web and up for sale. Interestingly enough, my Airbnb password itself wasn't compromised, which is how we know that the breach came from within, from someone with direct access to their data server.

 

Nothing I can do about it other than what I did the same day: file a local police report, fill out a report on the federal government's FTC's Internet Crime Complaint Center (https://www.ic3.gov/Home/ComplaintChoice/),  and freeze all my credit with Equifax, TransUnion, and Experian.

 

It most definitely came from Airbnb, as I have nothing to do with Microsoft.

 

Thanks for your comment though, it reiterates why all passwords need to be complex and unique.

 

 

Also, there were a few articles in computer news resources as well, but all very low-key hush hush, and they mostly had to do with hosts accessing other hosts' info. It all happened within days of each other, however my issue was a professional breach as the bank account info was changed (so my host payouts would go elsewhere) and then immediately covered up with hundreds of texts and emails. The depth of the breach was recognized

 

 https://latesthackingnews.com/2020/09/30/airbnb-exposed-private-inboxes-to-unrelated-accounts-due-to...

https://www.socialnews.xyz/2020/09/25/airbnb-hosts-access-inboxes-that-dont-belong-to-them-report/

 

 

Helen427
Level 10
Auckland, New Zealand

Thanks @April117 , very useful link.

 

Did you find you couldn't edit your listing despite being logged in?

 

As an aside, Twitter, MTV, Target and others have also had major outages in the last couple of weeks.

Some of these companies should be looking carefully at who they employ & outsource to.