Hosts of Airbnb have reported that they are able to access private inboxes that are not related to their accounts and this could mean that a serious security breach is affecting the platform.

It all started last Thursday (24), when Airbnb hosts flooded Reddit with forums questioning the unusual appearance of inboxes of messages that did not concern them. In a publication in Reddit with some prints illustrating the occurrence, one user registered as "Autocasa" said he had "no association with these people or with the names of their apartments".

Although no guest has reported the same problem, hosts claim that they can see the addresses and other important information - such as codes needed to access a property, profile photos and earnings - of other users. By exposing people to danger, the security breach can be considered extremely serious.

"I was in the support limbo all afternoon with no resolution in sight," said the user "Flashover212" in Reddit. "I can't access my own inbox to communicate with guests, but I can access hundreds of other hosts," he explained.

Another Reddit user stated that when calling Airbnb support they were instructed to clear their cookies or try a different browser. In some cases, logging out and re-entering the account was enough to make the problem go away, but the guidance was not unanimous in its resolution.

Reproduction

The Airbnb application was not affected by the security issue. Image: Daniel Krason

"It's vital for Airbnb to fix whatever's causing the problem immediately. Early reports seem to indicate that the Airbnb is telling hosts to clear their cookies in order to fix the problem," said Ray Walsh, expert in privacy Digital ProPrivacy, a cyber security company. "This is not an appropriate response because the onus should not be on consumers to fix Airbnb's error. In fact, some hosts are reporting having access to a different inbox every time they reconnect, which means Airbnb's customer support board is actually raising the issue," he added.

The day after the problem, a Friday (25), Airbnb revealed that a technical failure occurred at 9:30 a.m. (local Pacific time) on the 24th. The incident, which affected only the mobile web and desktop platform, leaving the application unscathed, was resolved at 12:30pm on Thursday itself.

"On Thursday, a technical problem resulted in a small subset of users inadvertently viewing limited amounts of other users' account information," Airbnb notified. "We corrected the problem quickly and are implementing additional controls to ensure that this does not happen again. We do not believe that any personal information has been misused and at no time has payment information been accessible," he concluded.

Via: ZDNet