According to a new report from SlashNext, Airbnb – the short-term letting service commonly used by travelers as an alternative to hotels and hostels – is one of many online platforms falling victim to increasingly sophisticated cyber threats, with compromised Airbnb accounts having been found in the thousands on hacking forums.
Airbnb has about 7 million global listings, according to SlashNext, making it another prime target for threat actors to exploit.
The nature of Airbnb — being a fully online platform with users promoting their own properties for short term rent — leaves gaps for potentially fraudulent activity, like fake accounts, fake hosts, and other scams.
The report highlights that threat actors typically access Airbnb accounts for scams in one of two ways: by using 'stealers', or by using cookies.
Stealers are a form of malicious software that threat actors can use to obtain login credentials and gain account access. Stealer malware can infiltrate a device and transfer stolen data, like usernames and passwords, to an attacker via a server, email, or chat programme.
Stealers can be purchased on the dark web, and deployed through different methods like social engineering or malicious advertisements.
If a cybercriminal purchases a stealer, they can deploy it on potentially thousands of devices immediately, and gain access to login information, as well as credit and debit card details, depending on the access gained.
Another avenue of exploitation is using cookies — small data files that track browsing activity and preferences for a website.
Airbnb cookies, according to SlashNext, are often bought and sold on different illegal online forums, giving buyers short-term access to accounts without the need for login credentials.
Using cookies to gain access to compromised accounts would then allow cybercriminals to make bookings, send messages, and access saved payment details.
This method does have a catch, however: cookies have a short expiry date, so cybercriminals would only have temporary account access.
What Happens Next?
Once cybercriminals gain access to Airbnb accounts via stealers or cookies, they often go on to simply sell the compromised information on to other threat actors to make a profit, SlashNext's research found.
This often occurs on underground forums – SlashNext found thousands of Airbnb accounts for sale on a single forum.
Each account they found only cost one US dollar, with the price likely driven down by the plethora of options available.
Airbnb accounts are apparently so popular that cybercriminals even offer an account checking service which verifies if uploaded accounts are valid.
SlashNext even found cybercriminals selling services that would offer a 50% discount on Airbnb bookings.
Interestingly, the site did not investigate which Airbnb accounts were more likely to be compromised. Airbnb accounts can be linked to Facebook and Google accounts. This connection may explain why Airbnb accounts are targeted by threat actors, as the credentials may match passwords for other sites, further exposing personal data and information.
“It’s clear that these services are profitable because the forum threads advertising them have received tens of thousands of views and hundreds of replies,” SlashNext’s report said, illustrating the popularity of the target site.