How Airbnb accounts are being hacked

AIRBNB is scrambling to stop an increasing number of hackers who are breaking into hosts’ and users’ travel accounts in order to rob them.

The peer-to-peer home rental platform allows people to rent out their homes by establishing the credibility of users through reviews. But the review system has been corrupted recently by hackers who use a fraudulent tactic that Airbnb has nicknamed “account takeover.”

Essentially account takeovers occur when hackers break into the profiles of guests who have built up good reviews on Airbnb and use those accounts, with minor tweaks, to book stays in homes that they then burgle.

It can also happen in reverse where hackers take over host profiles and get unsuspecting guests to send them money for a stay.

Airbnb chief technical officer Nathan Blecharczyk said “trust is the fundamental currency of the sharing economy” and Airbnb was working hard on new security solutions to combat the rising issue.

“Our model is effective at stopping most account takeovers, but unfortunately there have been some incidents where hosts and guests have suffered,” Mr Blecharczyk said.

“This is not acceptable to us, therefore we’re working around the clock to do everything we can to improve our detection and prevention methods.”

Airbnb has since introduced a multi-factor authentication when a user logs into a new device and has added an SMS notification any time a change is made to the account so users can take action if they were not the one who made the changes.

He said account takeovers occur most commonly by “password dumps” where companies are hacked and ‘bad actors” download massive lists of usernames and passwords which are then sold on the black market.

Airbnb users could also be sent an email or SMS link that asks them to re-enter account information on a site that looks like Airbnb but is actually “malicious.”

And if a computer has been compromised by “malware”, account information can be captured.

“Fortunately, the vast majority of our hosts and guests never have to deal with account takeovers or any other scam,” Mr Blecharczyk said.

Airbnb offers hosts a $1 million insurance policy and will support hosts who are burgled.

Source:http://www.couriermail.com.au/news/queensland/how-airbnb-accounts-are-being-hacked/news-story/02b9338cbb3e316a6bb0374aa0579694