Security News > 2020 > September > Airbnb Accounts Exposed to Hijacking Due to Phone Number Recycling
A cybersecurity enthusiast learned recently that Airbnb accounts can be easily hijacked by creating a new account on the home-rental service with a phone number that in the past belonged to another Airbnb customer.
A SecurityWeek reader named Maya contacted us recently after her husband was accidentally signed into another user's account when trying to create an Airbnb account.
After entering his phone number during the account registration process, Maya's husband received a 4-digit code via SMS that, when entered, resulted in him being logged into the account of the previous owner of his phone number.
Airbnb support staff told Maya to register an account using a different phone number, and claimed that the company ensures every account is secured and can only be accessed by the legitimate account holder.
This statement does not seem true given that recycled phone numbers apparently provide a means to repeatedly access other users' accounts.