The hacking was revealed earlier this year when London-based consultant, Sharon O’Dea had her Airbnb profile hacked and used to make bookings.
Ms O’Dea stated that she was made aware of the security breach when she received a password reset email prompt from Airbnb. She then discovered that a total of three bookings for three nights in the City were charged to her account costing between £300 and £400.
The hacker posing as O’Dea had also confirmed check-ins with Airbnb hosts outlining that they would be staying “with friends”.
After reporting the breach, Airbnb stated that they cancelled the bookings and made the hosts aware of the incident, however, she still received messages from the hosts days later asking her how she was finding her stay.
O’Dea was “shocked” to discover that the hosts had not been made aware that strangers were staying in their homes.
“Airbnb didn’t tell her a complete stranger had access to her home, posing as me,” she explained. “I said, ‘I don’t want to alarm you but there is someone in your house that isn’t me and I would call the police’.”
- Aberdeen Fans’ Gothenburg Victory Passwords are a Serious Security Risk
- Visa, MasterCard and Uber Sign on to Facebook’s Blockchain Project
- Amazon Faces Lawsuit Over Alexa Child Recordings
Despite being informed that the issue had been “handled” by the room-letting website, Airbnb attempted to give Ms O’Dea over £100 worth of damages that had been caused by the hackers at one of the properties.
Ms O’Dea described the company’s reporting systems as “broken”, adding: “It’s incredible that Airbnb would not tell someone when there is clearly something illegal happening”.
“If someone hacks your account, they can just randomly turn up at a flat. It doesn’t paint them [Airbnb] in a very good light on personal safety.”
Airbnb users have often been targeted by online fraudsters in the past to trick them into overpaying for their stay or paying twice.
Last month, cybersecurity company Kaspersky found that fraudsters were using a $550 subscription service to try to scam Airbnb customers ahead of the summer holidays. The fraudsters created fake property profiles that asked Airbnb users to click through to clone payment sites which were linked to cybercriminals’ accounts.
Although Ms O’ Dea recovered her money and no one was harmed, she said the incident demonstrates significant issues with the company’s security system and the way in which Airbnb treats its hosts.
A spokesperson for Airbnb said: “Our handling of this isolated incident was unacceptable, and we are in contact with the guest and hosts to apologise and offer our full support”.
“The safety and security of our community is our priority and we are working with our team to review our handling of this matter to ensure we do better in future. “