HQ/EMEAFind out how we can help your business
An alleged Airbnb data breach has significantly impacted millions of individuals after the incident resulted in the exposure of personal details. This unexpected breach resembles a ‘room service’ for cybercriminals who want to acquire millions of users’ confidential information.
A threat actor called ‘Sheriff’ on the dark web has claimed responsibility for the Airbnb hack. The compromised information that affected about 1.2 million users includes sensitive data like names, email addresses, countries of residence, cities, and more.
Based on reports, the threat actor has started an illicit sale of this information with a starting price of $7,000 on the less reputable black market platforms. This incident has raised massive concerns among individuals since this exposed data on the black market is a dent to the security and privacy of Airbnb’s user base. However, Airbnb has yet to confirm the legitimacy of this incident.
Everyone is waiting for the confirmation of the Airbnb data breach.
Potentially impacted individuals and researchers are still waiting to know if the Airbnb data breach is legitimate. Given the evolving nature of this situation, the company management will surely provide updates, but researchers do not expect to receive full disclosure.
With its extensive user base and vast network of properties, Airbnb holds sensitive information from travelers and hosts globally. If the data breach incident against Airbnb is true, the attackers could use these troves of data for various malicious activities, such as identity theft, phishing, and even more sinister activities.
This is not the first time this company has faced issues regarding cybersecurity. In August 2023, Airbnb Ireland faced backlash from the Irish Data Protection Commission due to violations related to the retention and processing of identity documents.
The inquiry, which started in March 2022 following an unlawful request for a user’s ID to verify their identity, revealed that Airbnb’s actions contradicted data minimisation and storage limits outlined in the GDPR. In addition, the company mishandled partially redacted and outdated identity documents.
The DPC reprimanded Airbnb and mandated corrective actions, calling for revising the company’s internal policies for user identity verification. Airbnb has acknowledged its commitment to complying with the DPC’s directives, emphasising its dedication to privacy obligations.
