Airbnb says that its rating and review system builds trust between people and accomplishes the impossible — convincing people to let complete strangers sleep in their homes.
Well, some scammers found a way to use Airbnb’s ratings system to rob people. Airbnb calls the problem “account takeovers,” which, it said in a blog post published Thursday, has been “receiving increased attention” lately. But the company said it has been working for months on new security solutions.
Basically, account takeovers are when people hack into the profiles of guests who have built up good ratings and reviews on Airbnb, and use those accounts — with some minor tweaks to the personal details — to book stays in the homes of hosts that they then burglarize. The BBC spoke to at least three people who said they’ve been robbed this way.
Takeovers can also work in the reverse — hackers take over host profiles, and try to get unwitting guests to send them money.
“Our model is effective at stopping most account takeovers, but unfortunately there have been some incidents where hosts and guests have suffered. This is not acceptable to us, therefore we’re working around the clock to do everything we can to improve our detection and prevention method,” Airbnb CTO Nathan Blecharczyk wrote in the blog post.
Blecharczyk said the top three ways accounts get hacked is through malware, phishing, and password dumps. Going forward, users will get text-message notifications if details on their profile are changed, and they will be required to use two-factor authentication when logging in to Airbnb on a device that hasn’t previously been used to access their account.
Airbnb offers hosts a $1 million insurance policy, and a spokesperson said hosts whose homes are burgled via account takeovers are reimbursed by the company.
Caroline O'Donovan is a senior technology reporter for BuzzFeed News and is based in San Francisco.
Contact Caroline O'Donovan at firstname.lastname@example.org.
Got a confidential tip? Submit it here.