What’s Happening?

The breach exposed personal data of users and property owners registered on Niido, including:

The open bucket also revealed around 300 PDF files with invoices for orders made by the company.

Whose Data Is Affected and What Are the Consequences?

Our team discovered that the misconfigured bucket had 2 CSV files with between 20-30MB of data with around 9,500 Personal Identifiable Information (PII) and a few hundred confidential files. The data included some duplicate information and empty values. According to the names of the files, all exposed data belongs to registered AirBnB users — both guests and hosts.

An additional CSV file with 2,000 entries showing full names, confirmation codes, and user reviews score was also found within the bucket.

How Did It Happen and What Shall I Do Now?

Unless intended to be accessed by the public, any server and bucket used to hold user personal data should be set to private. This would significantly lower the chances of a data breach happening. If you regularly use your Airbnb or Niido account, delete unnecessary information on your profile and limit the data you share in the future. You should also be aware of any phishing emails or phone calls that ask you to share more personal information. Should you notice any suspicious activity or unknown changes on your accounts, report it as soon as possible. As a general rule, it’s a good idea to protect your online traffic by connecting to a VPN. This adds an additional layer of protection to your data through masking your IP address as well as preventing any malware from attacking your devices. VPNs are very easy to navigate through, even for those who never heard of them before — for an easy tutorial check out our beginner’s guide to VPNs.

Who Is WizCase?

Available in over 30 languages, WizCase is an online security website that reaches millions of readers worldwide. Our team always reaches out to any platform involved in data leaks and breaches as soon as the vulnerability is discovered. This is done prior to publishing any report in order to ensure the breach is secured and the users whose data was exposed are safe from any harm.