Share
Cybercriminals have found a lucrative niche in the shadow economy by trading stolen air miles for as little as 56p.
A new investigation by NordVPN and travel eSIM provider Saily has exposed a massive market for these digital assets on the dark web.
The study analyzed thousands of forum posts and listings where frequent flyer accounts are sold at a fraction of their real-world value. Some of these compromised accounts contain hundreds of thousands of miles. This allows hackers to book luxury flights or hotel stays for next to nothing.
Emirates and British Airways top list
Researchers found that Emirates and British Airways are among the most frequently mentioned brands in these underground markets. The high volume of discussions suggests these accounts are “high-demand” items for digital thieves.
Hackers primarily gain access through credential stuffing and phishing attacks. Many people use the same password for their email and their frequent flyer accounts. This makes it easy for criminals to “harvest” data from one breach and apply it to another.
The danger extends far beyond losing a few free flights. These accounts often store sensitive personal information, including home addresses and passport numbers. Criminals can use these details for full-scale identity theft or to sell to other fraud networks.
Hotel loyalty schemes are also under fire in this growing trend. Databases for global chains like Marriott and Hilton have been spotted for sale for as much as £2,250. These sets often include guest history and payment preferences.
Experts warn that travellers often overlook the security of their loyalty points compared to their bank accounts. This lack of oversight allows months of fraudulent activity to pass without being noticed.
Marijus Briedis, Chief Technology Officer at NordVPN, advises travellers to treat their air miles like cold hard cash. He recommends using a unique, strong password for every travel account and enabling multi-factor authentication (MFA).
Switching to a travel eSIM instead of using public airport Wi-Fi can also reduce the risk of hackers intercepting your login details. Staying alert for unsolicited emails that mimic airline branding is essential to avoiding phishing traps.
Related Posts
Discover more from Tech Digest
Subscribe to get the latest posts sent to your email.