NordVPN and Saily Study Finds Thousands of Airline Loyalty Accounts Leaked on Dark Web

Written by: Rachita Jain, VPN Staff Editor

A recent study conducted by cybersecurity firm NordVPN in collaboration with Saily, an eSIM service provider, has revealed a worrying trend: thousands of airline and hotel loyalty accounts are being sold on the dark web. These accounts contain travel miles and reward points that can be misused without the owners even knowing about it.

With the holiday travel season approaching, experts warn that many frequent flyers may unknowingly lose their hard-earned miles, which are sometimes sold for extremely low prices on underground forums.

How the Study was Conducted

The study was carried out by NordVPN cybersecurity experts along with the Saily team. It was a short exploratory study focused on understanding how travel loyalty data is exposed on the dark web.

Researchers used NordStellar’s Dark Web Search tool, which relies on AI-based filtering, to scan content posted over the last five years. The data collection involved several steps. First, the tool identified posts related to travel and loyalty programs. Then, posts specifically mentioning airlines and hotels were analyzed after removing spam and duplicate content.

In total, researchers found 1,045 meaningful posts discussing airlines and 551 posts related to hotel loyalty programs. To identify leaked databases being sold, keywords such as price, USD, BTC, and XMR were used. Out of more than 17,000 posts initially found, only 29 were confirmed to be related to leaked travel databases.
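The staged filtering described above, as an added Python example (not NordStellar's tool or the researchers' code): posts are narrowed to travel and loyalty topics with a brand mention, reposts are dropped, and the sale keywords the article names are matched as whole tokens. The sample posts, the travel and brand term lists, and all function names are assumptions made for illustration; spam scoring is not modelled.

```python
import hashlib
import re

# Constructed sample posts (not real forum data).
POSTS = [
    {"id": 1, "text": "Selling Delta loyalty accounts, 200k miles, price 0.75 USD each"},
    {"id": 2, "text": "selling delta loyalty accounts,  200K miles, price 0.75 usd each!!"},
    {"id": 3, "text": "Hilton loyalty database leak, 2M records, payment in XMR"},
    {"id": 4, "text": "Anyone flown Emirates lately? Their miles program is priceless"},
    {"id": 5, "text": "Cheap sneakers, price 20 USD, BTC accepted"},
    {"id": 6, "text": "Marriott points question: how do I transfer rewards?"},
]

# SALE_TERMS are the keywords the article names; the other two sets are
# assumptions built from words and brands the article mentions.
TRAVEL_TERMS = {"loyalty", "miles", "points", "rewards"}
BRAND_TERMS = {"delta", "emirates", "united", "southwest",
               "hilton", "marriott", "hyatt", "ihg"}
SALE_TERMS = {"price", "usd", "btc", "xmr"}

def tokens(text):
    """Lowercase word tokens, so 'priceless' never matches 'price'."""
    return re.findall(r"[a-z0-9]+", text.lower())

def fingerprint(text):
    """Hash of the normalized token stream, used to drop reposts."""
    return hashlib.sha256(" ".join(tokens(text)).encode()).hexdigest()

def triage(posts):
    """Return (brand_post_ids, sale_post_ids) after the staged filtering."""
    seen, brand_posts, sale_posts = set(), [], []
    for post in posts:
        words = set(tokens(post["text"]))
        # Stages 1 and 2: travel/loyalty topic AND an airline or hotel brand.
        if not (words & TRAVEL_TERMS and words & BRAND_TERMS):
            continue
        # Duplicate removal: same tokens after normalization means a repost.
        fp = fingerprint(post["text"])
        if fp in seen:
            continue
        seen.add(fp)
        brand_posts.append(post["id"])
        # Stage 3: sale indicators matched as whole tokens.
        if words & SALE_TERMS:
            sale_posts.append(post["id"])
    return brand_posts, sale_posts

if __name__ == "__main__":
    print(triage(POSTS))
```

Keyword hits of this kind only shortlist candidates; the article's drop from more than 17,000 posts to 29 confirmed ones reflects the review that has to follow.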

Researchers noted that dark web data is fragmented and inconsistent, so the findings should be seen as indicators rather than complete statistics.

Airline Loyalty Accounts Sold for Less Than a Dollar

According to the study, several major airlines are frequently discussed on dark web forums. These include American Airlines, Southwest, Emirates, United, Alaska Airlines, and Delta. Together, these airlines account for more than half of all airline-related cybercrime discussions found during the research.

Most discussions involve the sale of stolen loyalty program accounts, some containing hundreds of thousands of miles. While many sellers do not publicly list prices, some accounts are sold for as little as $0.75, with higher-value accounts reaching up to $200.

The most mentioned airlines on the dark web include:

Cybercriminals use these stolen accounts to book free flights or other perks. While sellers often claim “safe usage” or “pay after travel,” experts warn that these bookings are risky and can be traced back to fraud, leading to cancellations or legal trouble.

Hotel Loyalty Databases Also Being Traded

The study also found that hotel chains are a major target for cybercriminals. Dark web posts often advertise leaked hotel databases that include not only guest information but also loyalty account details.

Hilton, Marriott, and IHG were the most mentioned hotel brands, accounting for 34%, 24%, and 21% of mentions respectively. Other names include Choice Hotels, MGM Resorts, and Hyatt.

Some leaked databases reportedly contain millions of records, including names, email addresses, stay history, and in some cases even passport numbers. Databases with highly sensitive information can sell for prices as high as $3,000 on the dark web.

Why Travel Loyalty Accounts are Targeted

Cybersecurity experts say the travel industry is a lucrative target because it handles large amounts of personal and financial data. With peak travel seasons like Christmas, stolen miles and hotel points become especially valuable.

Hackers use methods such as phishing scams, data breaches, and credential stuffing attacks to gain access to loyalty accounts. Once inside, they can quickly convert points into gift cards, transfer them to other accounts, or book flights and hotel stays for resale. Since these activities often look like normal account usage, detecting fraud can be difficult.

The study suggests that cyber threats targeting the travel industry are likely to increase, with stolen data continuing to be traded actively on the dark web.

How Travelers Can Protect Themselves

Experts recommend several steps to reduce the risk of loyalty account theft. Using strong and unique passwords for each account and enabling multi-factor authentication are among the most effective measures.

Travelers are also advised to regularly check their airline and hotel account login history and monitor point redemptions. Any suspicious activity should be addressed immediately by changing passwords and contacting the service provider.

Additionally, using a VPN while browsing on public networks can help protect personal data. VPN services like NordVPN encrypt online activity, while eSIM services such as Saily reduce the need to connect to public Wi-Fi, adding another layer of security when traveling.

