Research Insights into Stolen Loyalty Accounts
A recent study conducted by cybersecurity experts from NordVPN, in collaboration with the Saily eSIM app team, highlights the alarming trend of loyalty data exposure on the dark web. This exploratory investigation delves into how loyalty accounts, particularly those linked to airlines and hotels, are being compromised and sold in clandestine online marketplaces.
Methodology of the Study
The research utilized NordStellar’s Dark Web Search tool, leveraging AI-driven filtering techniques to sift through relevant content from the past five years. The data collection unfolded in several phases, focusing on identifying discussions and listings pertaining to travel loyalty programs.
Initial Dark Web Search Setup
The first step involved setting up the Dark Web search feature to automatically locate posts that could pertain to travel and loyalty program data. Utilizing sophisticated AI filtering, the researchers aimed to classify and identify content efficiently.
Airline-Related Discussion Analysis
Next, researchers analyzed posts specifically related to airlines using targeted keywords like “travel” and “airline.” Initial filtration efforts sifted through extensive amounts of spam and duplicates, ultimately revealing 1,045 unique posts that discussed loyalty accounts or data breaches tied to airlines. The frequency of mentions was also tracked, allowing for insights into which airlines were most frequently discussed.
Exploring Hotel-Related Posts
A similar approach was taken for hotel loyalty programs, with researchers searching for the keyword “hotel.” This exercise yielded 551 unique posts pertaining to hotels, after removing irrelevant entries.
Leaked Travel Databases Analysis
The analysis was extended to posts that advertised travel-related databases, utilizing keywords like “price” and “database.” The researchers initially encountered 17,578 posts, but after meticulous filtering, only 29 relevant posts remained. In other words, only a small fraction, approximately 0.2%, contained significant travel-related data.
It’s essential to note that the dark web is an inconsistent and fragmented environment. Therefore, while these findings offer informative insights, they should be regarded as preliminary rather than definitive statistics.
Common Targets: Airline Loyalty Accounts
The study illuminated a concerning trend: American Airlines, Southwest, Emirates, United, Alaska, and Delta were identified as the most discussed airlines on dark web forums, making up over 54% of all airline-related cybercrime conversations. The most common subject matter revolved around the sale of stolen loyalty program accounts, which can hold hundreds of thousands of points.
Sellers typically do not advertise prices, but those who do list these accounts for anywhere from $0.75 to $200. Stolen accounts present cybercriminals with opportunities to book free flights and other perks, often at the expense of legitimate customers. While sellers may claim secure transactions, many of these deals are completed using stolen payment information, which raises the risk of prosecution for buyers using these tickets.
Statistical breakdowns show that the following airlines are frequently mentioned in dark web transactions:
- Southwest Airlines (12.2% of all mentions)
- Emirates (11.5%)
- United Airlines (11%)
- Alaska Airlines (10.4%)
- American Airlines (8.9%)
- Delta Airlines (7.3%)
- JetBlue Airlines (6.5%)
- Frontier Airlines (5.9%)
- British Airways (5.5%)
- Spirit Airlines (4.3%)
- Lufthansa (3.3%)
- Air Canada (2.3%)
- China Airlines (2.3%)
- Vietnam Airlines (1.9%)
Hotel Loyalty Programs Under Threat
The investigation also revealed that hotel chains are vulnerable, with leaked databases often containing guest information alongside loyalty account details. Brands like Hilton, Marriott, and IHG topped the list, accounting for 34%, 24%, and 21% respectively of mentions in dark web discussions.
Additionally, other hotel chains, such as Choice Hotels and Hyatt, were identified as targets. Leaked databases sometimes encompass millions of records, which may include sensitive details like names, email addresses, and passport numbers. Such data troves can fetch up to $3,000 on the dark web.
Methods of Data Compromise
How do cybercriminals gain access to these loyalty accounts? Primarily through phishing scams, data breaches, and credential stuffing attacks. Once an account is compromised, criminals can quickly liquidate loyalty points for gift cards or use them for bookings, making it challenging to trace the movement of points.
The travel sector is particularly appealing to hackers due to the vast amounts of sensitive data it manages. This study suggests that the industry should remain vigilant as the prevalence of cyber threats, including data breaches and account takeover attempts, continues to rise in the dark web realm.
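The sequence described above, credential stuffing followed by quick liquidation of points into gift cards, can be expressed as a detection rule on the loyalty program operator's side. The Python below is an added example, not part of the study: the event format, the thresholds and the sample events (using documentation IP ranges) are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed: a redemption this soon after login is "quick"
SPRAY_ACCOUNTS = 3              # assumed: failed logins on this many accounts from one IP
DRAIN_RATIO = 0.8               # assumed: share of the balance that counts as draining

# Constructed sample events: (timestamp, account, source IP, event, detail)
# For "redeem", detail is (reward type, points redeemed, balance before redemption).
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "198.51.100.7", "login_ok", None),
    ("2024-05-01T09:05:00", "alice", "198.51.100.7", "redeem", ("flight", 20000, 90000)),
    ("2024-05-03T02:10:00", "bob", "203.0.113.50", "login_fail", None),
    ("2024-05-03T02:10:02", "carol", "203.0.113.50", "login_fail", None),
    ("2024-05-03T02:10:04", "dave", "203.0.113.50", "login_fail", None),
    ("2024-05-03T02:10:06", "alice", "203.0.113.50", "login_ok", None),
    ("2024-05-03T02:14:00", "alice", "203.0.113.50", "redeem", ("gift_card", 65000, 70000)),
]

def find_suspicious_redemptions(events, known_ips):
    """Return (account, timestamp, reasons) for redemptions showing >= 2 signals."""
    failed_by_ip = defaultdict(set)  # source IP -> accounts it failed to log into
    last_login = {}                  # account -> (time, ip, ip_was_new)
    seen = {acct: set(ips) for acct, ips in known_ips.items()}
    alerts = []
    for ts, acct, ip, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "login_fail":
            failed_by_ip[ip].add(acct)
        elif kind == "login_ok":
            last_login[acct] = (when, ip, ip not in seen.setdefault(acct, set()))
            seen[acct].add(ip)
        elif kind == "redeem":
            reward, points, balance = detail
            reasons = []
            login = last_login.get(acct)
            if login and when - login[0] <= WINDOW:
                if login[2]:  # session started from an IP new to this account
                    reasons.append("new_ip")
                if len(failed_by_ip[login[1]]) >= SPRAY_ACCOUNTS:
                    reasons.append("stuffing_ip")  # same IP failed on many accounts
            if reward == "gift_card" or points >= DRAIN_RATIO * balance:
                reasons.append("liquidation")
            if len(reasons) >= 2:
                alerts.append((acct, ts, reasons))
    return alerts
```

Requiring two signals keeps a legitimate member who redeems for a gift card from a familiar device out of the alert queue, while the 02:14 redemption in the sample data trips all three.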
Protect Yourself Against Cyber Threats
To safeguard against these risks, individuals can adopt several proactive measures. First, using strong, unique passwords for each account and enabling multi-factor authentication is crucial. Regular account monitoring can also help identify suspicious activities early, allowing for immediate password changes if needed.
Setting alerts for unusual point redemptions can provide an additional layer of security. Furthermore, employing a reliable VPN service can protect users from prying eyes while browsing in public areas, while services like Saily can enhance security by removing the need for public Wi-Fi connections. Together, these practices can significantly fortify individual defenses against cyber threats in the travel sector.


