A joint study by cybersecurity firm NordVPN and travel eSIM provider Saily has revealed a growing threat: Stolen airline and hotel loyalty accounts being traded on the dark web. Accounts loaded with hundreds of thousands of miles or hotel points are being sold for as little as $0.75 to $200, while entire hospitality databases can fetch up to $3,000. These breaches put millions of travelers at risk of identity theft and financial loss.
The research highlights that major airlines—including American Airlines, Southwest, Emirates, United, Alaska, and Delta—dominate dark web discussions, accounting for over 54% of airline-related cybercrime posts. Cybercriminals gain access through phishing attacks, data breaches, and credential stuffing, taking advantage of reused passwords across multiple platforms. Once inside, stolen miles or points are used to book flights, converted to gift cards, or transferred to other accounts, often blending in with legitimate activity, making detection difficult.
“The travel industry is a lucrative target because of the sensitive personal and financial information it handles,” says Marijus Briedis, CTO of NordVPN, in a press release. “With the holidays approaching, consumers should strengthen account security to avoid becoming a victim of loyalty fraud.”
Hotels are not immune. Chains like Marriott, Hilton, IHG, and Accor are frequently mentioned on darknet forums, with Marriott alone representing 35% of hotel-related postings. Leaked databases often include millions of records, including guest names, emails, stay histories, and sometimes passport numbers. High-value details like these drive up prices and incentivize hackers to target the hospitality sector aggressively. “Sensitive data such as loyalty points or passport information commands high prices on the dark web,” explains Vykintas Maknickas, CEO of Saily, in a press release.
Travelers can take several precautions to protect their accounts. Using strong, unique passwords for every loyalty program, enabling multi-factor authentication, and checking login history regularly can prevent unauthorized access. Alerts for unusual point redemptions can help catch fraud early. Maknickas also recommends using secure connections, like travel eSIMs, and avoiding public Wi-Fi for account access.
Briedis adds that a VPN is essential for staying secure on public networks and warns against phishing emails or calls claiming to be from airlines or hotels. “Travelers must remain vigilant—cybercriminals exploit busy seasons like the holidays when people are distracted,” he says.
The NordVPN-Saily study underscores a critical reality: loyalty programs, while rewarding for travelers, are increasingly attractive targets for cybercriminals. Vigilance, strong security habits, and awareness of online threats remain essential to protecting both personal data and hard-earned points.
For further insights, the full report is available at NordVPN.