Hacked Alaska Airlines frequent flier miles for sale on the dark web
Sep 19, 2018, 11:54 AM | Updated: Sep 21, 2018, 11:25 am
(AP)
Criminals are getting smarter and are stealing frequent flyer rewards instead of money — it’s easier to get away with. Frequent flier miles with Alaska Airlines were recently found among a list of accounts for sale on the dark web.
RELATED: Russell Wilson airplane debuts
Paul Bischoff with Comparitech.com found 50,000 Alaska points on the online black market for about 81 euros. It was among a list of other airlines’ points selling for as much as $900.
“It’s hard to tell how many accounts were hacked,” Bischoff said. “Sometimes these sellers just sell their miles in bulk and you can buy as many as you want and they many come from any number of individual accounts.”
“So you have a frequent flier account with Alaska Airlines, and someone through whatever means, hacks that account; maybe they send you a phishing email, or they put some malware on your computer,” he said.
Then they use that access to obtain frequent flier information and sell it on the dark web, an online black market. Transactions for such buys are usually in bitcoin or another cryptocurrency. Customers purchase the user name and password information. They can then use that account to redeem the flier miles themselves. Sometimes the hacker will transfer the miles into a new, clean account and provide that to the seller.
“Once (a black market customer) has paid for the points, the person who buys them gets the account number and password and they can go in themselves and redeem the points for whatever rewards, gift cards, etcetera, and that’s it,” he said.
People who buy those points from hackers will use them for gas, credit cards, or wherever the points are accepted. Many retailers will have programs that accept the miles. But hackers or customers likely won’t use the points to buy flights or hotels. That often requires ID, which can lead to getting caught.
“They’re really not worth much … for hackers it’s like pocket money,” Bischoff said. “They can go make a quick $80 on the dark web and spend it. Or if they are buying the miles, they can spend those miles real quick.”
Only one Alaska Airlines account was found among the list of hacked frequent flier miles. Bischoff said that customers should pay extra attention to their accounts if they get notifications of a breach.
RELATED: Cryptocurrency miners are taking over Eastern Washington
“The programs that have suffered breaches recently have more frequent flier accounts listed on the dark net,” Bischoff said. “…. like British Airways, I found a ton of listings. That could be because they had a data breach recently … it’s really hard to say if certain ones are more susceptible. But a good rule of thumb is if they have had a data breach recently, it would probably be more susceptible.”
Another tip: be careful with boarding passes. Many boarding passes have frequent flier information printed on them that hackers may be able to use. Don’t post photos of boarding passes on social media. Shred passes after you use them.