Frequent travelers are finding a new threat to their perks: cybercriminals manipulating loyalty programs. Stolen airline miles are being traded and resold as discounted travel, revealing how underground markets treat loyalty accounts like tradable currency.
Loyalty Miles Have Become a New Currency in the Cyber Underworld
Cybersecurity firm Flare has uncovered the ongoing transformation of airline miles and loyalty points into a form of currency on illicit platforms. Cybercriminals are now manipulating loyalty programs, monetizing stolen credentials through unauthorized account access and reselling the resulting bookings at steep discounts to unsuspecting buyers on dark web forums.
Airline loyalty programs have long served as commercial incentives for frequent travelers, but they have since evolved into profitable targets for criminal networks. Flare’s research details how stolen airline miles and other loyalty rewards are treated as tradable assets in underground markets, a trend that puts millions of travelers who depend on these points for flights and hotel stays at serious financial risk.
How Cybercriminals Exploit Loyalty Accounts
The unauthorized access typically begins with data breaches, where account credentials are exposed and subsequently listed for sale in dark web marketplaces. From there, the operation follows a clear, repeatable process that criminals have refined over time:
- Harvesting credentials through phishing attacks or large-scale data breaches.
- Selling or purchasing stolen account access on illegal forums.
- Redeeming stolen points for flights or hotel stays.
- Reselling those reservations at discounted rates to buyers who may not know the bookings were made fraudulently.
Flare’s findings highlight that these underground markets operate with a level of structure that mirrors legitimate e-commerce, complete with seller ratings, dispute resolution, and bulk pricing for high-value loyalty accounts. This level of organization makes the threat more persistent and harder to disrupt.
Implications for Airlines and Travelers
The exploitation of loyalty programs does not only affect individual travelers — it poses significant operational and financial challenges to the airline industry by undermining the integrity of their promotional strategies.
This manipulation erodes the original purpose of loyalty programs, affecting both the customer experience and airline revenue streams. Airlines are being forced to invest more heavily in cybersecurity infrastructure to protect their systems, adding costs that ultimately ripple through the broader travel industry.
Travelers face the direct risk of losing accumulated points without warning, eliminating their ability to redeem benefits they legitimately earned. It is increasingly important for travelers to monitor account activity closely, update passwords regularly, and watch for unauthorized transactions that may indicate a breach has already occurred.
Cybersecurity researchers continue to work on reinforcing system defenses and identifying exploitation patterns before significant damage occurs. Airline and hospitality industries may need to strengthen verification processes for any transactions involving loyalty point redemptions, establishing more durable safeguards against intrusion.
Preventive Measures Against Cyber Theft in Loyalty Programs
Both consumers and businesses must take deliberate steps to protect against loyalty point theft by strengthening existing security measures.
For consumers, enabling two-factor authentication, using complex and unique passwords for each loyalty account, and monitoring account activity on a regular basis remain the most effective first lines of defense. Avoiding links in unsolicited emails and verifying login pages before entering credentials can also reduce exposure to phishing campaigns.
For airlines and hospitality companies, investing in advanced transaction monitoring technologies to flag unusual redemption activity is a key step toward early detection. Proactive consumer education around phishing tactics and data security can further reduce the success rate of these attacks.
Securing loyalty program infrastructure and maintaining ongoing engagement with cybersecurity solutions are essential to stopping the unauthorized conversion of airline miles into fraudulent travel bookings before the problem grows further.
