Airbnb fights off account hijackers with new security tools
The website now has multi-factor authentication.
If you get hacked on Airbnb, you won't only have to worry about criminals getting ahold of your credit card details. You'll also have to fret about internet scammers knowing exactly where you're staying on a particular date or the addresses of the properties you own. In a blog post, the company has announced that it has added new security measures to protect your account from hijackers. Starting today, you'll have to authenticate every new phone, tablet or computer you log into by typing in the unique code Airbnb sends you via text or email. It's no two-factor authentication, but it can at least lessen the chances of a rando getting into your account.
In addition, you'll now get text messages whenever changes are made to your account, so you'll get a heads up if someone else is tinkering things in there. The company says it already uses a machine learning model that predicts whether it's the true owner or a hijacker who's trying to log in based on locations and IPs. If the system thinks it's a hijacker, it will require additional info.
However, account takeover is one of the biggest problems on the internet today, since hackers have more and more password dumps from massive security breaches to consult. If their targets' passwords aren't there, they can also turn to phishing or infecting people's computers with malware. Airbnb must have felt that its machine learning model isn't enough anymore and added the extra layer to keep interlopers out.
