Airbnb accounts can be hijacked through phone number recycling: a person who creates a new account with a phone number that previously belonged to another customer can gain access to that customer's existing account. The bug was discovered by accident when the husband of a SecurityWeek reader created an Airbnb account and gained access to an account set up by a woman in North Carolina who previously had the same phone number.
More:
- Airbnb said that only a very small number of users are impacted by the flaw.
- Airbnb has a bug bounty program through HackerOne and has paid more than $1M in bounties so far.
- In 2018, the security risks of recycled phone numbers were highlighted in a study by security firm Detectify.