Airbnb exposes personal data of property owners and renters

Airbnb developers face a severe problem as it has been revealed that some hosts were able to access some inboxes unrelated to their own accounts. Over the past few days multiple social networks were infested with comments and doubts regarding the incident.

La imagen tiene un atributo ALT vacío; su nombre de archivo es airbnbleak01.jpg

Guest accounts appear to have not been affected in any way, although some platform partners still mention that these inboxes are still visible. Users have posted various screenshots including information such as Airbnb partner name, profile pictures, booking income, number of bookings from the last 30 days and visits to the property.

La imagen tiene un atributo ALT vacío; su nombre de archivo es airbnbleak02.jpg

“I can’t access my own inbox to communicate with potential users, the problem has persisted throughout the day, and the support area has no idea what’s going on,” says a partner on the rental platform.

Another partner states that while talking on the phone with Airbnb, a representative simply recommended “clearing their cookies” or trying to access it using a different browser, although many seem unsatisfied with this response: “It is important for the company to fix this problem immediately; the recommendation to delete cookies is inappropriate as customers and partners are not responsible for correcting Airbnb’s mistakes,” says Ray Walsh, an expert at a cybersecurity firm.

La imagen tiene un atributo ALT vacío; su nombre de archivo es airbnbleak03.jpg

In his first official positions, an Airbnb spokesman mentioned that it is all due to a “technical problem” that occurred on Thursday morning; the incident would have affected desktop and mobile websites, but not apps. Although the company acknowledges that some users may have accessed information improperly, the spokesperson mentions that there was no way to alter or extract the exposed data.  

“Last Thursday, a technical issue caused various users to be able to access limited amounts of information belonging to other users. The issue was fixed quickly, plus we’re implementing additional controls to prevent similar incidents from happening again,” the spokesman said.