New Research Exposes Airbnb as Breeding Ground For Cybercrime

Written by

Cyber-criminals have been increasingly exploiting the Airbnb platform for fraudulent endeavors. A new analysis by cybersecurity experts at SlashNext highlighted the methodologies employed by these malicious actors to compromise user accounts and profit from stolen data.

Airbnb, a household name in the travel industry, has become a prime target due to its global popularity, offering travelers relatively affordable accommodation. However, SlashNext explained that this accessibility has also allowed cyber-criminals to manipulate the system for their gain.

Central to these cyber-attacks are stealers, which surreptitiously infiltrate devices, harvesting sensitive information such as login credentials. This stolen data is then transmitted to the attackers, enabling unauthorized access to user accounts. The research illuminates the various entry points exploited by cyber-criminals, from software vulnerabilities to social engineering tactics.

The research further reveals the existence of an underground marketplace where cyber-criminals buy and sell access to compromised devices (also known as bots, installs or infections) in bulk. This allows criminals to rapidly deploy their malicious software on a broad scale, amplifying the reach of their attacks.

Read more on cybercrime forums: Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

Among the methods employed by cyber-criminals to gain unauthorized access to user accounts, session cookies play a significant role. These small files store user preferences and browsing information, often granting temporary website access. 

Cyber-criminals purchase stolen Airbnb account cookies from underground forums, granting them unauthorized entry without needing valid usernames and passwords. Though short-lived, these stolen access windows are swiftly exploited by attackers.

The study also exposes the monetization of the stolen data. Cyber-criminals leverage online forums and digital marketplaces to sell compromised account information and stolen cookies directly to interested parties. The scale of account theft has reportedly led to a devaluation of each compromised Airbnb account, with prices as low as one dollar.

This research underscores the importance of understanding the evolving tactics employed by cyber-criminals and the vulnerabilities they exploit. It is a reminder that even platforms as trusted as Airbnb can harbor hidden risks, necessitating heightened awareness and proactive security measures from users.

Editorial image credit: Ink Drop /

What’s hot on Infosecurity Magazine?