506781—the two-factor authentication code needed to access my Dropbox account on November 15, 2015. I know because it’s still there in my SMS history, a permanent record of my accessing Dropbox from new devices. I have full iCloud history in much the same way—332486 was the code on October 4, 2014. I can see the same for Microsoft, Uber, Sony… You get the point.
As I’ve written before, SMS messaging is best avoided—it’s an archaic and unsecured platform with no place among the myriad end-to-end encrypted alternatives we can now use. If you want to message family, friends, colleagues, then skip SMS and use iMessage (blue bubbles only), WhatsApp, Signal, Telegram (albeit its encryption is more complex than the others). And while you may consider your private messages to be of little interest to others, you still seal envelopes despite trusting the postal services and
Given you’re reading this story, the chances are that you’re somewhat cyber aware. If I was to send you a file attachment in a text message—let’s say a Word or PDF document, you’re hopefully programmed to ask a whole set of questions before opening or saving that attachment to your phone. Do I know the sender? Was I expecting the file? But what if it was just a photo—something amusing or attention-grabbing to keep or share? You can view the image within the messaging app, you can see what you’re getting, surely there’s no harm in saving it to your photo album?
If only that was the case. The fact is that a malicious image has the same capacity to damage your device and steal your data as a malicious attachment. The only difference is that it’s a more sophisticated attack, which makes it rarer. We saw the latest
Airbnb may be at the heart of a severe security incident as hosts report they are able to inadvertently access private inboxes that are unrelated to their accounts.
On Thursday, Airbnb hosts flooded Reddit, querying the sudden appearance of inboxes that do not belong to them when they signed into the service.
See also: CISA says a hacker breached a federal agency
In screenshots of an inbox shared on the platform, Reddit user “Autocasa” said that they had “no association with these people or their apartment names.”
While no guest account, as of yet, has reported similar issues, hosts are saying they are able to see other people’s addresses and other information — such as codes required to access a property — which means that the Airbnb inbox issues could be considered an extremely serious security incident that could compromise the security of people’s homes.