Frequent fliers, check your accounts.
According to security analysts, cyber criminals have created big business by stealing airline miles.
“They have less security protections than those we see in our banks and our credit cards, and they’re monitored less closely by consumers,” said Lesley Carhart, Security Analyst at Dragos Inc.
A search of the dark web found countless stolen miles being sold for a fraction of their value. Eight thousand to ten thousand Delta miles were selling for $52. Thousands of British Airways miles were being sold for $100. All exchanges are done in digital currency Bitcoin, and prices can fluctuate according to the Bitcoin market.
“(Malicious hackers) can use those miles to exchange them for gift cards, for loyalty programs for other companies. We’ve seen thieves do things like book hotels or rent cars using those miles,” Carhart said.
In other words, Carhart said airline miles translate to easy money.
A spokeswoman for British Airways said the airline constantly monitors the system for abuse and takes immediate action.
“We encourage customers to keep each of their online accounts safe by using unique passwords for each account and changing those passwords frequency,” a British Airways spokeswoman said.
Delta Airlines had a similar response.
“Delta take the responsibility of protecting our customers’ information very seriously, and we strongly encourage customers to be vigilant in safeguarding and maintaining the privacy of their Delta account credentials,” an airline spokeswoman said.
Carhart advises looking for loyalty programs that offer multi-factor authentication when consumers log in and those that send notifications if there are changes to an account.
Protecting frequent flier numbers as you would bank account numbers is also important.
“That number is as relevant as the number on your checkbook or on your credit card,” Carhart said. “You wouldn’t throw your credit card in the trash or you wouldn’t hand it to somebody else so they could take a picture of it, but we see people throwing away their boarding passes with their frequent flier number on it.”
The U.S. airline industry said it is taking steps to ensure digital security.
A spokeswoman for the trade group Airlines for America said the association could not speak to individual airline website security but added “The U.S. airline industry takes data security seriously and continues to work collaboratively with cyber-security experts to identify potential vulnerabilities, taking necessary precautions to keep systems secure and investing in IT systems and protective measures to safeguard passenger information.”