Quick Tip: Loyalty accounts tied to major airlines, hotel chains being hacked and sold on dark web

Quick Tip: Loyalty accounts tied to major airlines, hotel chains being hacked and sold on dark web

February 7, 2026 discoverhiddenusacom Technology

Your Airline Miles Are a Target: The Growing Threat to Loyalty programmes

If you diligently collect airline miles and hotel points, you’re part of a growing group – and increasingly, a target. Cybersecurity researchers are warning that loyalty accounts are being actively hacked and sold on the dark web, putting your hard-earned rewards at risk. This isn’t a future threat; it’s happening now.

The Dark Web Marketplace for Rewards

A recent joint study by NordVPN and Saily revealed a disturbing trend: stolen airline and hotel loyalty accounts are readily available for purchase on darknet forums. The price? Surprisingly low. Some accounts, boasting hundreds of thousands of miles or points, are being sold for as little as $0.75, with others fetching up to $200.

This low cost makes loyalty points an attractive commodity for cybercriminals. They can quickly drain your points, book free trips, or convert rewards into gift cards – all at your expense.

Why Loyalty programmes Are Vulnerable

Loyalty programmes represent a concentrated pot of value, making them prime targets. Unlike credit card fraud, where transactions often trigger immediate alerts, the misuse of loyalty points can go unnoticed for weeks or even months. This delay gives criminals ample time to exploit stolen accounts.

The recent Qantas breach in July 2025, which exposed the records of 5.7 million customers, highlights this vulnerability. While passwords and points weren’t directly taken, the incident underscores the broader surge in attacks targeting loyalty programmes.

What Scammers Do With Your Points

Once scammers gain access to your loyalty account, the possibilities for misuse are extensive. They can:

  • Book flights and hotel stays for personal use or resale.
  • Convert points into gift cards.
  • Sell the points directly on the dark web to other criminals.
  • Use the points to purchase goods and services.

The impact extends beyond the financial loss of points. Stolen accounts can also lead to identity theft and further compromise your personal information.

Protecting Your Rewards: A Proactive Approach

Fortunately, there are steps you can take to protect your loyalty accounts:

  • Strong, Unique Passwords: Use a different, complex password for each airline and hotel account.
  • Multi-Factor Authentication (MFA): Enable MFA whenever possible. This adds an extra layer of security, requiring a code from your phone or email in addition to your password.
  • Regular Account Monitoring: Check your accounts frequently for unfamiliar activity, missing points, or suspicious login alerts.
  • Secure Connections: Avoid logging into accounts on public Wi-Fi networks. Ensure you’re using a secure connection.

Pro Tip: Consider using a password manager to generate and store strong, unique passwords for all your online accounts.

The Future of Loyalty programme Security

Experts predict that attacks on loyalty programmes will continue to rise as criminals seek out new and lucrative targets. Airlines and hotels are investing in enhanced security measures, but the onus also falls on travelers to protect their accounts.

We may see increased adoption of biometric authentication and more sophisticated fraud detection systems in the future. However, the most effective defense remains a combination of strong security practices and vigilant account monitoring.

FAQ: Loyalty programme Security

Q: How can I tell if my account has been hacked?
A: Look for unfamiliar bookings, missing points, login alerts from unusual locations, or changes to your account information.

Q: What should I do if I suspect my account has been compromised?
A: Immediately contact the airline or hotel’s customer service department and change your password.

Q: Is it safe to store my loyalty account information in a mobile app?
A: Only use reputable apps from trusted sources and ensure they have robust security measures in place.

Q: What is multi-factor authentication?
A: MFA adds an extra layer of security by requiring a second verification method, such as a code sent to your phone, in addition to your password.

Did you know? Stolen loyalty accounts can sell for as little as $0.75 on the dark web, making them a low-risk, high-reward target for cybercriminals.

Stay informed and proactive about protecting your loyalty accounts. Your miles and points are valuable – don’t let them fall into the wrong hands.

Explore more articles on travel security and cybersecurity best practices on our website.