Airline, hotel loyalty program data targeted for dark web sale

Airline and hotel loyalty accounts have become a "first-class" commodity on the dark web, with stolen credentials selling for as little as $0.75, according to a study by NordVPN and Saily.

Researchers used AI-driven tools to analyze five years of dark web activity, identifying 1,045 unique posts discussing airline data and 551 regarding hotels, according to a report by Travel Mole.

The report found six carriers — Southwest, Emirates, United, Alaska, American and Delta — account for more than 54% of all airline-related cybercrime discussions. Southwest led the list, appearing in 12.2% of mentions.

The illicit market isn't limited to individual logins. Massive databases containing guest names, stay histories and passport numbers are also for sale, with high-value leaks fetching up to $3,000. Among hotel chains, Hilton (34%), Marriott (24%), and IHG (21%) were the most frequently targeted.

Cybercriminals typically acquire this data through phishing, credential stuffing, or direct breaches. Once accessed, points are often converted into gift cards or resold as fraudulent bookings.

Experts recommend travelers use multi-factor authentication, monitor login histories and avoid public Wi-Fi by using VPNs or eSIMs to mitigate risks.