iscover
A new study from NordVPN and travel eSIM app Saily has found that major airlines and hotels are at high risk of scams, resulting in customer information being sold on the dark web.
The study analysed airline, hotel and travel-related posts on the dark web and found that major global and US-based airlines, such as American Airlines, Southwest, Emirates, United, Alaska, and Delta, made up over half of all airline cyber crime discussion on dark web forums.
This content is available exclusively to Australian Aviation members.
A monthly membership is only $5.99 or save with our annual plans.
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
Loyalty program accounts are the assets most likely to be stolen or sold, with phishing scams being a primary method of accessing customer data, credentials and log-in details. Data breaches that expose wider customer base information is another method that cyber criminals commonly employ.
Once sensitive information has been obtained, this enables cyber criminals to book free, cashless and hard-to-trace flights under the accounts of travellers with hundreds of thousands of travel points worth thousands of dollars.
“The travel industry is a lucrative target for hackers due to the sensitive personal and financial data they handle. Our research shows that airlines continue to face data breaches, and this stolen information has a thriving market on the dark web,” NordVPN chief technology officer Marijus Briedis said.
“Consumers should strengthen their account security, particularly during busy travel periods when scammers are most active.”
Airlines aren’t the only travel sector facing this threat, hotel scams are also taking off.
The report found that global hotel chain Marriott made up 35 per cent of dark web hotel mentions, alongside Accor, Hilton, and IHG.
Once cyber criminals access customer data through similar scams used on airlines, high-value, sensitive data, including names, email addresses, and potentially passport numbers, are at risk of being leaked and can sell for up to $3,000.
“The price of stolen databases isn’t determined by their volume. What drives the value are sensitive details like passport numbers, loyalty points or information linked to places or organisations that attract extra attention,” Saily CEO Vykintas Maknickas said.
“High-value data like this justifies much higher prices, which motivates cyber criminals to target companies in the travel sector more aggressively.”
Saily and NordVPN both warn travellers and customers to remain vigilant during this busy travel season and that simple cyber safety techniques like changing passwords and turning on multi-factor authentications are critical.
“Check your accounts before and after a trip. Travelling increases exposure simply because you’re accessing your accounts more and not always on trustworthy networks. Consider using a travel eSIM to minimise these risks,” Maknickas said.
