The internal leak exposed Airbnb hosts’ personally identifiable information (PII) to other users.

Last week, a limited number of Airbnb users using desktop and mobile web platform versions of the service were inadvertently shown inbox conversations of other users in the system. 

“On Thursday, a technical issue resulted in a small subset of users inadvertently viewing limited amounts of information from other users’ accounts,” a spokesperson from the company said. “We fixed the issue quickly and are implementing additional controls to ensure it does not happen again.”

The company also added that it “does not believe any personal information was misused and at no point was payment information accessible.”

It is reported that Airbnb has self-reported its breach to the European Data Protection Supervisor (EDPS), but PrivSec Report is awaiting confirmation from the company.

According to Computer Weekly, users began reporting to the Airbnb sub-Reddit that they could see other hosts’ PII, addresses and messages.

As reported by Computer Weekly, Ray Walsh, data privacy expert at ProPrivacy, said: “It seems clear that the leak is going to cause a lot of upheaval for Airbnb hosts, who will need to update the codes to their homes in order to secure them and ensure they are not potentially at risk of burglary.”

The company may now be facing investigations under multiple different jurisdictions including the EU’s GDPR.