Airline loyalty accounts belonging to millions of travellers are being stolen and sold on the dark web for as little as 56p, according to new cybersecurity research — putting popular programmes like British Airways Avios and Emirates Skywards firmly in the firing line.
The findings come from a joint study by cybersecurity experts at NordVPN and Saily, which analysed dark web listings and underground forum discussions linked to airline cybercrime. Criminals are advertising compromised airline accounts that can contain hundreds of thousands of miles, allowing them to redeem flights, seat upgrades and other premium perks almost instantly.
British Airways and Emirates Among Most Targeted Airlines
While several US airlines appeared in the research, the presence of British Airways and Emirates makes the issue particularly relevant for UK travellers. Both airlines were frequently mentioned in dark web discussions focused on loyalty account takeovers.
According to the data, the most discussed airlines on the dark web that serve UK travellers were:
-
Emirates (11.5%)
-
United Airlines (11%)
-
American Airlines (8.9%)
-
Delta Air Lines (7.3%)
-
British Airways (5.5%)
-
Lufthansa (3.3%)
In listings analysed by researchers, stolen airline loyalty logins were being sold for as little as 56p, with higher-value accounts — containing detailed personal information or large point balances — fetching prices of up to £150.
How Criminals Cash Out Airline Miles So Quickly
The biggest concern isn’t just the theft of points, but how quickly criminals can “cash out” without triggering suspicion. Stolen loyalty accounts are commonly used to:
-
Book reward flights or upgrades
-
Convert miles into gift cards
-
Transfer points between accounts
-
Redeem perks that appear like legitimate activity
Because these actions can mimic normal behaviour, victims often don’t realise their account has been compromised until their balance is drained.
Researchers say access is typically gained through phishing emails, fake airline login pages, data breaches, and credential stuffing, where hackers use reused passwords across multiple platforms.
Hotel Loyalty Data Also Being Traded
The same dark web marketplaces are also trading stolen hospitality data. Researchers uncovered listings offering access to hotel databases containing guest names, email addresses, stay histories and, in some cases, passport details. The most sensitive datasets were reportedly being sold for up to £2,250.
Major hotel groups frequently used by UK travellers — including Marriott, Hilton, IHG and Accor — were all referenced in connection with leaks and account-takeover services.
Winter Travel Season Fuels Spike in Account Theft
With millions of Brits travelling for winter sun, ski trips and major sporting events, researchers warn that this is a peak period for loyalty account fraud. Increased travel means more logins, more redemptions and more time spent on unsecured networks — all of which create opportunities for cybercriminals.
Marijus Briedis, Chief Technology Officer at NordVPN, said:
“The travel industry is a lucrative target for hackers due to the sensitive personal and financial data they handle. Our research shows that airlines continue to face data breaches, and this stolen information has a thriving market on the dark web.”
He added that password reuse remains one of the biggest risks, noting that recent research shows half of consumers reuse the same password across multiple accounts, significantly increasing the likelihood of identity theft and fraud.
How UK Travellers Can Protect Their Loyalty Accounts
Cybersecurity experts are urging travellers to take simple but effective steps to protect their airline and hotel loyalty accounts:
-
Use strong, unique passwords for every account
-
Enable multi-factor authentication (MFA) wherever possible
-
Monitor loyalty balances and redemption activity regularly
-
Be cautious of unsolicited emails or calls claiming to be from travel brands
-
Avoid public Wi-Fi or use a VPN when accessing travel accounts
Vykintas Maknickas, CEO of Saily, also warned that travelling increases exposure to cyber threats:
“Travelling increases exposure to cybercriminals simply because you’re accessing your accounts more often and not always on trustworthy networks.”
He suggested using a travel eSIM to reduce reliance on public Wi-Fi, particularly during busy travel periods when scams spike.
