Travel & Hospitality: The Black Market for Loyalty Points
Frequent flyer miles and hotel points are liquid assets on the dark web. They are easier to launder than cash and often have weaker security protections.
The Takeover Lifecycle
Attackers use "combos" (email/password lists) from other breaches to test logins on airline and hotel sites. Successful logins are sold to brokers who resell the points for booking flights, hotels, or buying gift cards.
Defending the Program
For loyalty program managers, the defense is two-fold: implementing MFA and monitoring for compromised user credentials. DarkLake allows airlines and hotel chains to screen their high-status member list against known leaks, locking down accounts before points are drained.
Is your organization exposed?
Get a free Dark Web exposure assessment. We'll check for leaked credentials, compromised devices, and assets on the darknet.