Your frequent flier miles are now being bought and sold on the dark web
I liked it more when the only thing available was my stolen kidney.
What has happened to our beloved dark web? In years past, it was a secretive, joyous place where hackers and miscreants could gather to buy and sell innocent things like stolen comic books, illegal firearms, and maybe a kidney or two. But this dark web? The 2018 dark web? It’s now a criminal haven where the worst among us can sell off the things most precious to us: airline miles.
Shameful. Absolutely shameful.
A recent study published by Comparitech revealed that frequent flier miles — the points that allow us travel enthusiasts to upgrade our seats and occasionally purchase free flights — have quickly become the currency of choice on the dark web, with cybercriminals auctioning them off to the highest bidder for a fraction of the cost that it normally takes to acquire them.
On Dream Market, one of the largest black markets on the dark web, a single vendor sells reward points from over a dozen different airline reward programs, including Emirates Skywards, SkyMiles, and Asia Miles. Going by the handle @UpInTheAir, they sell a minimum of 100,000 points for the reward program of your choice, starting out at $884.
How does this happen?
How are these hackers gaining access to airline accounts in the first place? Mainly through phishing attacks, wherein they send out fake emails (or some such other scam) to lure unsuspecting flight customers into entering their PIN number or account information.
Some cybercriminals have even gained access to user accounts by hacking directly into the airline company that hosts them, as was the case in a British Airways security breach back in 2015 that saw millions of miles stolen before the company could freeze all of its accounts.
According to the report
Delta SkyMiles and British Airways remain the most consistently hacked across all vendors, so if you’re a regular user of either, now might be the time to check in on your account. While the prices for these miles tends to vary from vendor to vendor, there’s also a huge amount of risk involved for those purchasing them.
“If you get caught with stolen airline miles or selling your own miles, the airline can wipe out your account and leave you with nothing,” warns Paul Bischoff, author of the Comparitech report.
The solution to avoid having your miles stolen is a three-part process: first, avoid using a dumb password for your account, or one you’ve used on any other account. Second, take advantage of airline sites that offer two-factor authentication (although, as the recent Reddit hack demonstrated, not even 2FA is foolproof).
And last but not least, always shred your boarding pass after you’re done using. Because let’s be honest, you’re not the only one who wants to forget what happened on that trip to Vegas.
Have you ever been affected by an airline breach? Were your points stolen? Let us know below.
- Apple’s new streaming service sounds so lame its own staff is calling it ‘Expensive NBC’
- The US could soon ban the online sale of e-cigarettes
- Google confirms it lets third-parties snoop on our emails