Cybercriminals Sell Stolen Airline Miles on the Darknet

Cybercriminals are hacking into airline customer accounts and stealing their earned bonus miles. While bonus miles aren’t the kind of product you’d expect to find on the darknet, the business of selling stolen miles is thriving. These miles can be used for free flights, access to exclusive airport lounges, upgrades to first or business class, and more. Typically, travelers earn them by frequently flying with the same airlines—or, as it turns out, by buying them on the black market online.

According to Paul Bischoff, an expert at Comparitech, stolen bonus miles from airlines such as Delta, British Airways, Emirates, and Alaska Air are being sold cheaply on underground marketplaces, including Dream Market, Olympus, and Berlusconi Market. For example, a decent package of Delta miles can be purchased for just $31, while British Airways miles go for $45. Payments are made in cryptocurrency, particularly Bitcoin and Monero.

Cybercriminals either hack into airline customer accounts to steal their miles or exploit vulnerabilities in airline systems to move or credit miles without authorization.

Of course, stolen miles can’t be used in the same way as legally earned ones—for example, for booking flights or hotels—since these transactions require identification. However, due to insufficient verification, stolen miles can sometimes be exchanged for gift cards or used for purchases at stores partnered with the airlines.