As a predictable outcome of the 2017 Equifax data breach, identity thieves are coming up with new and creative ways of using the personal information that was exposed. The Equifax data breach and other recent data breaches have exposed over 179 million individuals’ personally identifiable information.  Hackers can use this data along with other information to hack your frequent flyer account and steal your miles.

The theft of your frequent flyer miles is not something you’ll likely notice until you need them.  Unlike bank accounts which we are aware of the balance on a daily basis, we don’t check our frequent flyer account balances often.  This means the theft could go unnoticed for months, and you might only notice they’ve gone missing when your trying to book that vacation trip you’ve been anticipating for months.  Worse, many airlines won’t replace the stolen miles or points if they’re stolen.

Unlike bank accounts which we are aware of the balance on a daily basis, we don’t check our frequent flyer account balances often

If you’re thinking they really can’t use stolen frequent flyer miles to book flights because they would have to show identification, you’re right.  However, many airlines’ frequent flyer programs allow members to exchange their miles for gift cards.  Once the hacker has the gift card, he can use it anonymously.  The fact that frequent flyer miles can be turned into a way to obtain goods and services makes them a valuable commodity.  That commodity is bought and sold on the black and grey markets.

How much are frequent flyer miles worth?

How much are frequent flyer miles worth?  In August of 2018  UK company, Comparitech, sifted through marketplaces on the Dark Web to find out.  What they found was astonishing -- in many cases, 100,000 frequent flyer reward points were worth as much as $884.  Different airlines’ programs have different values on the black market.  Points from airlines that fly internationally have greater value than those airlines which only fly domestically for the most part.  Points from DeltaSky Miles and British Airways were found to be the most commonly listed on the Dark Web sites Dream Market, Olympus Market, and Berlusconi Market.

How do I protect myself?  

1. Don’t share your frequent flyer account number online Don’t post photos of your boarding pass on social media or anything else that shows your frequent flyer membership account number.  Or for that matter shred your boarding pass when you no longer need it and don’t put your membership number on your luggage tags.  Your frequent flyer membership number may be the last piece of information they need to access your account.  Hackers likely have a dearth of information on you from the millions of data breaches.  Putting your membership number with your other personally identifiable information is all hackers to defeat the airline's security systems.

2. Create a secure password for your account.

If frequent flyer mile thieves can’t get into your account they cannot transfer your frequent flyer miles or convert them to gift cards.  It may be inconvenient to type in upper and lower case letters, numbers, and special symbols, but might save your family's vacation.

3. Monitor your account for suspicious activity.

The black market sites on the Dark Web will often list the miles or points they have for sale as clean, meaning that the owner of the miles or points has not yet discovered they’ve been stolen.  If you login into your account and see that your last login was not a date that you accessed the account, or you see miles missing, contact the airline immediately. 

4. Avoid using public WiFi to access your frequent flyer account.

Public WiFi networks at airports or coffee shops etc. should be treated as insecure.  Others on the network could capture your logins and passwords.

5. Use the IDENTITY ARMOR Dark Web Scanner

Our Dark Web Scanner will help you to determine if your information is already out there on the Dark Web.  Our scanner will show what breaches you’ve been affected by and what information of yours has already been exposed.

For more information on protecting your identity and get access to the free IDENTITY ARMOR Dark Web Scanner call us at (888) 556-7609.