• Sun. Oct 15th, 2023

Hacker Found Vulnerability That Puts the Data of 100,000 AirBnb Alike Business Users in Danger

Avatar photo

ByEsme Greene

Sep 4, 2023
Hacker Endangers Data of 100,000 Users
Esme Greene
Latest posts by Esme Greene (see all)

On July, 11 a Reddit user under an alias Master-Variety3841 wrote that he found a weakness in the system of a hosting business company and asked Reddit users what he should do next: 

“Found vulnerability, getting ignored. Next steps? I have been sitting on this security vulnerability since early 2020, I accidentally discovered it whilst working on another unrelated project and just happened to browse upon the page with dev tools open.”

He also added that the organization puts in danger around 100,000 booking records of users of gig-economy airbnb-type business. After receiving a copy of the data with potential repair procedures and being notified of the concerns, the company has so far not taken any action to address them.

Hacker`s Intentions Towards Vulnerability

The hacker stated that he has made attempts to report this to his nation’s official cyber security authority, but he is still waiting for a response from them months later. He got in touch with the creators and started a back-and-forth email conversation where he was able to spill all the knowledge he had about their website’s vulnerabilities.

They promised to have their development team located in the Philippines to fix the problem by the end of 2020, but when he checked the same vulnerability a few months later, they had still not done so. He also contacted the creators once more, this time providing an obscured version of the data, but received no response.

Hacker Can’t Decide Whether to Leak 100,000 Records

A concerned individual seems unsure of what to do next – “Should I follow up again, and if nothing is done go public?” – he added at the end of his Reddit post. The responses from users were very different, some voted towards leaking the vulnerable data, while others shared concern about the legal side of publication of private information:

“Be really careful with that. If it’s really a huge thing you could get in really serious trouble if you just publish it. Try to reach them a few more times with the clear statement, that you have to inform the public if they do not respond. And don’t do it on Twitter. Contact some journalist (maybe someone you know or a friend from a friend) and talk to them. Just publishing it could be illegal.” – wrote one of the Reddit users under the OP`s post.

Some users also voted against leaking the data claiming that innocent people don’t deserve being put at even more risk: “Please don’t disclose it publicly. These things always harm people at the bottom. Not going to hurt the upper mgmt at all. If the data contains the customer/client contact email/phone. You could do a mass notification directly to them. It is their info being openly shared. I’m sure they have more legal options.”

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.