Thursday, January 21, 18:01

User reported that Airbnb accounts are vulnerable to hijacking

It was recently reported that Airbnb accounts are vulnerable to hijacking. An attacker can easily breach an account by creating a new account on the home-rental service and giving a phone number that previously belonged to another Airbnb customer.


The risk posed by phone numbers being reused after they belonged to other users has been known for years. Many large companies have run into problems with this mode of attack. Airbnb appears to be one of them, but the company says only a small number of users have been affected.

The incident came to light when a woman named Maya told SecurityWeek that her husband was trying to create an Airbnb account and accidentally logged in to another user's account.

Once he entered his phone number (a step in registering an account), the man received a four-digit code via SMS. When he entered the code, he was logged in to the account of another user, who was the previous owner of the phone number.

The account belonged to a North Carolina woman and contained a lot of personal information, such as a photo, e-mail address, telephone number, etc. Her account also had a valid payment card, which means that this woman could still make a booking on Airbnb using this card.

Maya confirmed the issue by testing her friends' phone numbers (with their consent). However, the worrying thing is that Airbnb did not inform the new owner of the phone number that the number he used to sign up for an account had already been used. It also did not notify the legitimate account holder of a potentially suspicious login.

Airbnb runs a bug bounty program on HackerOne to find security gaps and claims to have given more than $1 million to researchers.


Maya was unaware of Airbnb's bug bounty program and tried to report her findings on accounts and phone numbers through the company's support channel. She says she tried hard to convince Airbnb of the seriousness of the issue, but the problem has not been resolved. Her last check took place on September 22.

Airbnb support staff told Maya to create an account using a different phone number and stressed that their users' accounts are safe and only the legitimate holders can have access. However, this does not hold, as phone numbers that have "changed hands" can be used to gain access to previous holders' accounts.

"Airbnb support kept telling us the same thing: use a different phone number. They did not realize the security issue that we raised (although we were clear with them). After all, we accidentally logged in to another user's account and it seems to me that they do not find it as worrying as we do," Maya explained.

Airbnb has to ensure that login is secure and inform users of suspicious logins to their accounts.
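The login flow described above, next to a hardened version, as an added example that is not Airbnb's code or part of the original report. All names (`Account`, `naive_phone_flow`, `hardened_phone_flow`, the device identifiers and the sample data) are hypothetical, and the second factor is assumed to be something that did not change hands with the number, such as a link sent to the e-mail address on file.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    email: str                                    # contact that did not change hands
    phone: str
    known_devices: set = field(default_factory=set)
    notices: list = field(default_factory=list)   # stand-in for e-mail/push alerts

def sample_accounts():
    """Constructed data: one existing account whose number was later reassigned."""
    acct = Account("previous.owner@example.com", "+15550100", {"device-A"})
    return {acct.phone: acct}

def naive_phone_flow(accounts, phone, otp_ok):
    """Flow as the article describes it: a correct SMS code alone opens the account."""
    if not otp_ok:
        return "denied", None
    acct = accounts.get(phone)
    return ("logged_in", acct) if acct else ("new_signup", None)

def hardened_phone_flow(accounts, phone, otp_ok, device_id, second_factor_ok=False):
    """Treat the SMS code as proof of who holds the number now, not of account ownership."""
    if not otp_ok:
        return "denied", None
    acct = accounts.get(phone)
    if acct is None:
        return "new_signup", None
    if device_id not in acct.known_devices and not second_factor_ok:
        # Alert the holder via the contact on file and return no account data.
        acct.notices.append(f"Sign-in attempt from unrecognised device {device_id}")
        return "step_up_required", None
    if device_id not in acct.known_devices:
        # Second factor passed on a new device: record it and tell the holder.
        acct.notices.append(f"New device {device_id} signed in to your account")
        acct.known_devices.add(device_id)
    return "logged_in", acct
```
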

The company claimed to have taken steps to resolve the issue, but did not provide details about its actions.

"We have developed a solution to the reported problem of reusable telephone numbers, and fortunately only a very small number of our users have been affected. We are constantly evaluating and improving our protections and are committed to strengthening the security controls of our platform," an Airbnb spokesman told SecurityWeek.

Airbnb support staff should be able to handle such issues. Many times, security issues do not come in through official bug bounty programs but are reported by ordinary users. These reports should be taken seriously by companies.

