Hi,
I woke up today to 2 emails from Airbnb confirming a booking made in Barcelona at 3 AM. The bookings look like some type of fraud to transfer money from my saved credit cards in my account (the host looks like a fake host with a fake listing). I assumed that my account was hacked, so I started by contacting Airbnb support. However, I was confused as to how my account would be breached because:
- I log in to Airbnb through Google
- My Google login requires 2-factor authentication through Authenticator
This makes it nearly impossible to log in to my Airbnb account unless you've secured my physical phone and my login details. Airbnb trust & security was clueless as to how my account could have been breached and asked me to talk to Google. I called Google to see if my Google account was breached and they confirmed there had been no new logins from a different IP address. I then went through my Airbnb account and it shows NO logs of someone logging in from a device other than my logins.
Based on this, I think it's possible there was an internal data leak at Airbnb where OAuth codes of users were stolen. Google has also already confirmed to me that there were no new logins on their side, which means an existing OAuth token was used. The only party that stores my login tokens would be Airbnb, so I think it's possible they had an internal breach.
Unfortunately, I wasn't able to communicate this to Airbnb Trust and Safety (they didn't understand the technical details of the issue). I'm just raising this issue for all people who log in through Facebook/Google/etc.: your account may be at risk.