Airbnb suffered a data breach in its system that resulted in the exposure of a limited number of Airbnb hosts to other hosts inside the service when using its desktop and mobile web platforms.
The home-sharing platform will face a potentially massive fine under General Data Protection Regulation (GDPR) legislation after notifying the Irish Data Protection Commission of the security incident.
The news of data security incident came on 24th September when some users were able to access the inbox messages and personally identifiable information (PII) of other users including the addresses of hosts and details of Airbnb properties.
According to a spokesperson at Airbnb, the technical issue resulted in a small subset of users inadvertently viewing limited amounts of information from other users’ accounts. They have fixed the issue quickly and are implementing additional controls to make sure that such incidents do not happen in future. He added that no personal information was misused and payment information were not accessed at any time.
The issue was fixed within three hours and was due to a technical malfunction and not a malicious cyber-attack on the company’s infrastructure. Those users who inadvertently got access to the data of others were not able to alter it, send messages, or change bookings or listings.
Having access to people’s sensitive personal information, including their names and addresses, as well as property security codes puts hosts and consumers at great risk.
This incident can make Airbnb liable to “massive fines” according to the latest GDPR EU legislation, whereby firms can be fined up to four per cent of their annual global turnover for the most significant breaches. Penalties for a GDPR data breach could reportedly reach up to £17 million.
A full investigation regarding the security incident might have to be launched to know how and why it happened and also to know what liability Airbnb should face for having caused such a dangerous data leak.
A data leak would infringe on the data privacy rights of Airbnb hosts as they did not know where their data was being stored or how it was being used.
Image Credits : Airbnb