My Airbnb account was hacked two nights ago, and the PayPal account set up for payments was drained. I followed security instructions to change my password, etc. I was asked to verify recent activity from my devices: the system (Microsoft), the state (Mississippi) and the day (0 days, 4 days, etc). Later, as I looked at the security link again – anything that might help me reach them – new activity showed up from China and Montreal.
I tried to cancel the scam reservations only to receive an email that they wouldn’t refund the money because of the host’s refund policy. Really? I found myself in a loop of help commands that got nowhere, and certainly had no way to contact them to let them know that I did not make the reservation and my account had been used fraudulently. This morning, I received an email from Trust & Safety that I may have received a “malicious message” from another Airbnb member whose account was cancelled but the links in it were, again, a maze.
“At Airbnb, we do everything we can to create a safe and trusted marketplace. Rarely, fraudulent individuals misuse our site in the attempt to obtain offsite payment or to gain access to one’s account by communicating via personal email or phone, or by sending malicious links meant to capture your login credentials, and we wanted to alert you to the possibility of such a scam.”
I had responded to no links. They were not attempting to get “offsite payment.” They hacked my account. They took my money via Airbnb’s unsecured website. Today, my Airbnb account was cancelled, leaving me no way to contact them via phone without a “verified phone number” nor links that all require you to “log in.” Even the link “contact us anytime to reopen a canceled account” makes you log in. I’ve reached out to PayPal for help. Has this happened to anyone else? Is this a large-scale breach that’s not being made public?