A significant data breach has allegedly compromised Airbnb’s security, potentially exposing the personal information of 1.2 million users.
A threat actor, who goes by the name ‘Sheriff’ on the darkweb, has come forward, claiming the Airbnb data breach, which includes sensitive details such as names, email addresses, countries of residence, cities, and more.
The threat actor has set a starting price of $7,000 for the illicit sale of this information on the dark corners of the internet.
The availability of such data on the black market raises serious concerns about the security and privacy of Airbnb’s user base. However, the Airbnb data breach is yet to be confirmed by the officials of the firm.
At the time of writing, The Cyber Express Team has made efforts to contact organizations to confirm the claim, but we are still awaiting a response from the respective officials. Given the evolving nature of this story, we will promptly provide updates once we receive an official response via email.
Airbnb, with its extensive user base and vast network of properties, is entrusted with sensitive data from travelers and hosts across the globe.
This wealth of information during the Airbnb data breach can be exploited for a wide range of malicious purposes, including identity theft, phishing, and even more sinister activities.
Earlier, in August 2023, Airbnb Ireland faced censure from the Irish Data Protection Commission for violations related to retaining and processing identity documents.
The inquiry, initiated in March 2022 due to an unlawful request for a user’s ID to verify their identity, revealed that Airbnb’s actions contravened data minimization and storage limits specified in the GDPR.
The company also failed to handle partially redacted and outdated identity documents correctly. Therefore, the DPC reprimanded Airbnb and mandated corrective actions, demanding the revision of internal policies for user identity verification. Airbnb has affirmed its commitment to comply with the DPC’s directives, emphasizing its seriousness about privacy obligations.
The Airbnb data breach is just one of many threats facing the hospitality sector.
In September of this year, the infamous hacker group known as Play declared that they had successfully breached Firmdale Hotels, obtaining critical files and documents.
The threat actor made their breach public via a post on their dark web channel. According to the post, the ransomware gang took credit for this cyberattack on September 4, 2023, at 23:32 UTC +3.
Additionally, during the month of July, Luna Hotels & Resorts, a well-known Portuguese hotel chain, reportedly experienced a cyberattack.
The Medusa ransomware group, known for its malevolent operations, has asserted accountability for this incident.
Through a post on its data leak platform, the group declared their successful infiltration of Luna Hotels & Resorts’ systems and threatened to disclose the pilfered data within the upcoming 7-8 days.
Data breaches are an unfortunate reality in the digital age, underscoring the importance of robust security measures and proactive data protection. According to the Data Breach Investigations Report, a staggering 90% of hospitality data breaches originate from external actors.
Furthermore, 91% of cybercriminals are financially motivated, while 9% engage in espionage. The aftermath of successful hacker attacks can be enduring, impacting both individuals and organizations.
Companies must invest in cutting-edge cybersecurity measures to mitigate the risk of such incidents, prioritizing the safety and privacy of their users in our increasingly interconnected world.
It is advisable that Airbnb users take immediate steps to secure their accounts, including resetting passwords and enabling two-factor authentication (2FA) if it is not already in place.
Furthermore, they should be vigilant about unsolicited emails or messages and avoid clicking on suspicious links or providing personal information to unknown parties.
Airbnb’s response to this data breach will undoubtedly shape its reputation and its commitment to data security in the future.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Apple said the flaws were addressed through improved memory management, input validation, bounds checking, and stronger security origin tracking.
ARMA said receiving the cryptocurrency marks an important step in the evolution of Ukraine's asset management system.
The domain seizure operation was coordinated with international partners through the International Computer Hacking and Intellectual Property (ICHIP) Network.
The operation forms part of Operation Endgame, described by Europol as the largest international initiative to disrupt ransomware enablers worldwide.
The UAE Cybersecurity Council shares cybersecurity best practices to help users secure digital footprints and reduce cyberattack risks.
The MDA hack saw hackers deface the Meerut Development Authority website with pro-Pakistan messages, prompting a police probe and shutdown.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More