A recent fault in the Airbnb website has provoked worries among property hosts, who noticed a login failure that reportedly directed users to the message inboxes of other hosts. The Airbnb data glitch appears to have only been brought to the attention of the company by their users, who discussed the issue on a Reddit forum.
A popular accommodation rental marketplace for holidaymakers, Airbnb downplayed the glitch, and the amount of affected hosts was not immediately confirmed. But such a glitch is concerning as it can expose private and personal information. This can raise fair questions over the security of the company’s systems and its adherence to data protection regulations.
While Airbnb said that the glitch was a small-scale, stand-alone incident, at Your Lawyers – The Data Leak Lawyers – we know that even seemingly elementary errors can be disastrous. If an organisation ever fails to sufficiently protect your data, they may have breached the GDPR, and you could be entitled to claim compensation.
How was the data exposed?
Airbnb issued the following statement in response to the breach:
“On Thursday, a technical issue resulted in a small subset of users inadvertently viewing limited amounts of information from other users’ accounts. We fixed the issue quickly and are implementing additional controls to ensure it does not happen again.”
The implied scale of the breach in this statement appears to be at odds with media reports from people who say they are affected hosts, with one claiming that users could access the inboxes of, “hundreds of other hosts”. One Reddit user also reported that they could see messages giving details of “people’s addresses and the codes to get in their homes”, fearing that other users could view the same details in their own inbox.
Airbnb have stated that the problem was isolated to their website and did not affect the mobile app, but it remains unclear how the issue had arisen in the first place.
The impact of the Airbnb data glitch
Hosts have since reported that the Airbnb data glitch has been fixed, but the window of opportunity could have allowed for the theft and misuse of users’ personal information. The exposure of addresses and entry passcodes could potentially allow break-ins to the affected properties, or these details could be published and/or sold online.
A further but unrelated glitch was later revealed, in which the Airbnb system reportedly deactivated users’ accounts and cancelled bookings. While this incident did not involve data exposure, it does raise more concerns about the effectiveness and security of Airbnb’s computer systems. Indeed, Airbnb reportedly asked users to simply delete their cookies following the glitch, which appears to represent a very basic response to a potentially substantial data security matter.
Holding companies to account
At Your Lawyers – The Data Leak Lawyers – we believe that data security incidents such as the Airbnb data glitch should never be played down. We have years of experience in this niche area of law and have helped many clients to claim compensation for the losses, expenses and distress that have arisen from data leaks.
For data breaches in England and Wales, our team can offer free, no-obligation advice here.