The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

A significant data breach has allegedly compromised Airbnb’s security, potentially exposing the personal information of 1.2 million users.

A threat actor, who goes by the name ‘Sheriff’ on the darkweb, has come forward, claiming the Airbnb data breach, which includes sensitive details such as names, email addresses, countries of residence, cities, and more.

Airbnb Data Breach: A Sinister Price Tag

The threat actor has set a starting price of $7,000 for the illicit sale of this information on the dark corners of the internet.

The availability of such data on the black market raises serious concerns about the security and privacy of Airbnb’s user base. However, the Airbnb data breach is yet to be confirmed by the officials of the firm.

Awaiting Confirmation on Airbnb Data Breach

At the time of writing, The Cyber Express Team has made efforts to contact organisations to confirm the claim, but we are still awaiting a response from the respective officials. Given the evolving nature of this story, we will promptly provide updates once we receive an official response via email.

Airbnb, with its extensive user base and vast network of properties, is entrusted with sensitive data from travellers and hosts across the globe.

This wealth of information during the Airbnb data breach can be exploited for a wide range of malicious purposes, including identity theft, phishing, and even more sinister activities.

Airbnb’s Stakes and Prior Incidents

Earlier, in August 2023, Airbnb Ireland faced censure from the Irish Data Protection Commission for violations related to retaining and processing identity documents.

The inquiry, initiated in March 2022 due to an unlawful request for a user’s ID to verify their identity, revealed that Airbnb’s actions contravened data minimisation and storage limits specified in the GDPR.

The company also failed to handle partially redacted and outdated identity documents correctly. Therefore, the DPC reprimanded Airbnb and mandated corrective actions, demanding the revision of internal policies for user identity verification. Airbnb has affirmed its commitment to comply with the DPC’s directives, highlighting its seriousness about privacy obligations.

Hospitality Sector in the Crosshairs

The Airbnb data breach is just one of many threats facing the hospitality sector.

In September of this year, the infamous hacker group known as Play declared that they had successfully breached Firmdale Hotels, obtaining critical files and documents.

The threat actor made their breach public via a post on their dark web channel. According to the post, the ransomware gang took credit for this cyberattack on September 4, 2023, at 23:32 UTC +3.

Additionally, during the month of July, Luna Hotels & Resorts, a well-known Portuguese hotel chain, reportedly experienced a cyberattack.

The Medusa ransomware group, known for its malevolent operations, has asserted accountability for this incident.

Through a post on its data leak platform, the group declared their successful infiltration of Luna Hotels & Resorts’ systems and threatened to disclose the pilfered data within the upcoming 7-8 days.

The Threat Landscape

Data breaches are an unfortunate reality in the digital age, underscoring the importance of robust security measures and proactive data protection. According to the Data Breach Investigations Report, a staggering 90% of hospitality data breaches originate from external actors.

Furthermore, 91% of cybercriminals are financially motivated, while 9% engage in espionage. The aftermath of successful hacker attacks can be enduring, impacting both individuals and organisations.

Companies must invest in cutting-edge cybersecurity measures to mitigate the risk of such incidents, prioritising the safety and privacy of their users in our increasingly interconnected world.

User Vigilance and Airbnb’s Response

It is advisable that Airbnb users take immediate steps to secure their accounts, including resetting passwords and enabling two-factor authentication (2FA) if it is not already in place.

Furthermore, they should be vigilant about unsolicited emails or messages and avoid clicking on suspicious links or providing personal information to unknown parties.

Airbnb’s response to this data breach will undoubtedly shape its reputation and its commitment to data security in the future.

Source: TheCyberExpress.   By: Samiksha Jain, Author At The Cyber Express


Contact The Cloud Consultancy if you would like help authenticating email with SPF, DKIM and DMARC domain authentication.