Pages

20/12/2016

Facebook and Airbnb login bug, now you are someone else

Well, everyone nowadays is running around trying to spot and fix bugs for money and I just stumble upon someone else's information for free.

This is an unexpected Christmas gift given it happened close to this huge fail from VISA, which makes it possible to guess full credit card details in a frighteningly fast amount of time. So read that article first, and then image what could someone do if they had all your personal info, including partial credit card data.


Now imagine that someone could be anyone trying to log into their Airbnb account using the 'Login with Facebook' option and ending up into your Airbnb account.

This is exactly what happened (and is still not fixed, but more on that later) to me one month ago. I was trying to log into the Android Airbnb app from my vacation place and chose the Facebook login option, but when I was in, i realised something was wrong because I had an apartment up for rent in New York and my name was Marissa. I don't remember what happened the night before but it must have been an awesome party.

Clearing caches, uninstalling the apps, logging out and restarting the phone or trying to log in from a desktop browser have no effect. I am Marissa now. It was not easy learning to walk on high heels but I get free drinks when I go around, so I have that going for me, which is nice.

Of course I contacted the actual owner of the account through Facebook - also attaching a screenshot of the data I was seeing in the app - and I received a quite disappointing 'ok' as reply and nothing else. Must have been the worst pickup line ever I believe.

I also contacted Airbnb (3 times!), which is apparently a needlessly tricky operation involving knowing when the next full moon is and sacrificing a dodo to the gods, and got no reply at all.

I then contacted Facebook reporting a 'bug in privacy' and attaching the same screenshot; still got no reply. So I opened a copyright infringement complaint which was unsurprisingly answered immediately and of course rejected. I then asked to maybe forward the case to the proper team since I think it might be quite a big deal having someone sniff through your stuff because of your mistakes, but got no other reply.

I understand with the election result they might have something bigger on their minds, but still.. wtf?!?!

No comments:

Post a Comment

With great power comes great responsibility