Attention travelers and reward enthusiasts: a new threat is emerging for those who collect airline miles and hotel points. Cybersecurity experts from NordVPN and Saily are raising alarms about a concerning trend—loyalty accounts from major airlines and hotel chains are being hacked and sold on the dark web.
Shockingly, these stolen accounts, which can hold hundreds of thousands of miles or points, are being offered for prices as low as $0.75 to $200. The implications are troubling, as once these accounts are compromised, scammers can easily deplete your rewards, book free trips, or convert your hard-earned points into gift cards.
ABC7 Chicago is now streaming 24/7. Click here to watch
To protect yourself from becoming a victim, it is crucial to employ strong, unique passwords for each of your airline and hotel accounts. Additionally, enabling multi-factor authentication wherever possible adds an extra layer of security.
Vigilance is key. Regularly monitor your accounts for any unusual activity, such as unexpected bookings, discrepancies in your points balance, or unfamiliar login notifications. If anything seems amiss, take swift action to safeguard your rewards.
Remember to use a strong, unique password for every airline and hotel account, and turn on multi-factor authentication when you can.
Check your accounts regularly. Look for unfamiliar bookings, missing points, or login alerts, and act fast if something looks off.
You may also want to avoid logging into accounts on public Wi-Fi or make sure you are on a secure connection.
A joint study by cybersecurity company NordVPN and a travel eSIM app, Saily, has shed light on the alarming prevalence of data breaches and loyalty points theft targeting major players in the travel industry.
The research reveals that airlines and hotel chains have had their customer data compromised and sold on darknet forums, putting millions of travelers at risk of identity theft and financial losses.
Copyright © 2026 WLS-TV. All Rights Reserved.
