Quick Hits

In Airbnb, Cybercriminals Find a Comfortable Home for Fraud

The popular travel rental site is an ideal destination for cybercrooks bent on taking over accounts and bookings.

Cybercriminals are always looking for that next hacking adventure, so it's fitting that Airbnb has become an emerging target for fraud on the Dark Web. In the past few months, thousands of Airbnb accounts have become available for purchase on underground cybercrime stores, sometimes for as low as one dollar.

That's according to an investigation from researchers at SlashNext, which found that cybercriminals are using phishing, stealer malware and stolen cookies to gain unauthorized access to Airbnb accounts, then turning around and selling them online. With illicit access to the accounts of legitimate hosts and guests, cyberattackers can book properties or perform other unauthorized actions without raising any alerts.

Researchers found a bustling market for Airbnb-related offerings on one popular cybercrime store, including offers for "account checkers," which are automated programs that rapidly test Airbnb accounts located in a text file; and vacation services themselves, such as accommodations for 50% off.

"It's clear that these services are profitable because the forum threads advertising them have received tens of thousands of views and hundreds of replies," the researchers noted in a Wednesday blog post on the phenomenon. They added that with more than 7 million global listings in 100,000 active cities, Airbnb offers the perfect getaway for hackers looking for something new to pwn.