A Massive Airbnb Security Breach Could've Exposed Your Private Information

Yesterday, a technical issue exposed hosts' inboxes and leaked private info

Female Solo Traveller Sat On Bed In AirBnB
Georgie Wileman / Getty Images

According to reports on social media, some Airbnb hosts experienced a significant breach of privacy on Thursday. Upon opening their inboxes on the vacation rental platform—the only way they’re supposed to interact with guests—hosts discovered that their messages were missing. Instead, they were replaced with other hosts’ private messages with guests.

According to information shared on Reddit, those messages included sensitive information, including street addresses, entrance codes to rental units, and hosts’ monthly earnings.


Per another Reddit thread
, every time the affected hosts refreshed their inbox, a new hosts' messages would appear, revealing that sensitive information. When users reported the bug to Airbnb, they were told to clear their cookies—to no avail.

"On Thursday, a technical issue resulted in a small subset of users inadvertently viewing limited amounts of information from other users' accounts," an Airbnb spokesperson told TripSavvy. The company added that they "fixed the issue quickly and are implementing additional controls to ensure it does not happen again."

The breach occurred at 9:30 a.m. Pacific time on Thursday and was discovered within an hour, according to Airbnb. It was fixed by 12:30 p.m. The company explained it was not the result of a malicious attack on the company's infrastructure—something has plagued other large travel companies—and was not visible to users on the mobile app, only those using desktop browsers. Additionally, users with inadvertent access could not modify the data of the other user, including sending messages or altering bookings.

While it seems that the situation is now under control, it's a massive slip-up that could impact hosts and their current guests. If you suspect your account has been breached, we suggest you change your current access codes to your properties in case they were inadvertently revealed.

Was this page helpful?