For many travelers, airline miles and hotel points are extremely valuable. They are a kind of currency that can be used for flights and overnight bookings around the world.
But for many people, the possibility that someone would hack into their frequent flyer accounts probably never surpassed their minds. However, experts say it’s wise to monitor travelers’ activities that shine as frequently and often as often as bank and credit card accounts.
Points and Miles thefts have been on the rise in recent years, according to Kurt Long, founder of cybersecurity firm Bunkr. This is due to major violations by companies like Starwood/Marriott, MGM, Star Alliance and OneWorld (where Cyber Criminals accessed traveler information, including traveler information and passwords).
“Most people don’t check their account balances frequently. During the pandemic, they didn’t spend their points,” Long said. “At the same time, the rewards program kicks out a lot of points, so there are even more points to target.”
He said that security laws on information held in the travel sector tend to be quite loose compared to regulated industries such as banking, asset management and healthcare, and face far fewer penalties in cases of violations, making travelers less parents less.
Gary Leff, who writes about frequently flyer points and miles on his blog, said, “There is a general belief that points and miles thefts are on the rise, but it’s difficult to back up specific data. Many loyalty programs bring the actual level of fraud closer to the best.”
The airline does not provide many details about the measures it is taking to prevent theft of customers’ points or miles. When asked, the representative of Delta said, “Information security is certainly something our team is working to improve our customers.” Similarly, an American Airlines representative said, “Data security is a top priority as you trust us with your personal information as part of your travel booking and as part of AADVantage, as part of your travel booking and as part of your loyalty program. We continue to strengthen our security measures to further protect your personal information.”
Once hackers have access to their accounts, they can use points and miles for real hotel stays and flights, or earn points at participating retailers like Amazon.
“Criminals can also redeem points themselves and sell their rewards.” Personal information theft warning He is a professor at Bentley University where he teaches about white-collar crime. He pointed to cases in 2017 that Russian hackers did this by using British Airways Miles for flight upgrades, hotels and car rentals.
“They’re very organized, but I don’t think the public fully understands,” Long said. “They are well funded, write software, have all these tools. And when they get your personal information, they run through automated systems and look for weak spots. Once they get into your account, they rub everything they can. Travel is a huge profitable market for them.”
Here’s what you need to know about protecting your points and miles accounts from being hacked:
How to protect your frequent flyer accounts
Unlike bank accounts that receive monthly statements, travelers usually need to log in to their account to see the balance between points and miles. It takes more effort for consumers to stay at the top of their accounts.
Having good password management with unique and complex passwords for each account is important to prevent hackers from entering your account, Long said. For multiple accounts (newspaper subscriptions, Starbucks accounts, Netflix logins, or anything else), you either reuse the same password or create a simple derivative of the same thing and try to use it where the criminals can.
By accessing your Mileage Plan account, they can open the door to wreaking havoc in other areas of your life. Credit cards are often associated with airlines and hotel accounts, and hackers can access them too. And the more information they can find about you (your employer, address, phone number, etc.), the more damages (such as applying for a credit card, or giving out a loan in your name).
Long recommends considering a password manager that can generate and track strong passwords. Additionally, you can protect yourself with two-factor authentication (including using two knowledge factors, such as a one-off PIN number sent via passwords and text to the relevant mobile phone).
According to Justin Lavelle, a fraud prevention expert at Beverified.com, an online background check source, another way travelers can be fooled is by receiving emails or texts from sources that pretend to be airlines, travel sites, or travel agents. This letter informs them that they have won additional miles or flights and provides a number to call or a link to follow to request their award. According to Lavelle, when I called or followed the link, I reached a scammer asking a few questions, including the airline’s account number and other personal information. Information will be sold to other scammers. It’s important to be critical of unexpected emails. If you don’t know who the sender is, or if you think your message is suspicious, don’t click.
“The best thing to protect your miles is to check your account regularly,” Lev said. “I never go to all airline websites and log in every day. But I’ll go to AwardWallet.com, click one button and update most (but not all) your account balances. Then I’ll quickly check if the points that are not deducted from my account are deducted.”
What if my airline miles or hotel points have been hacked?
The points are your property and may not be as specific as cash or gold bars, but they still have monetary value and their theft is a crime.
The first thing you want to do is contact your airline or hotel company and let them know that they don’t allow you to use those miles or points, and ask them if they’re going to return them.
“Companies are not obligated to return points or miles to you,” said Ben Farrow, partner attorney at Legalshield. “There’s no law that they have to do.”
He added that most airlines and hotels usually give customers back to Points and Miles. That’s especially true when the company was negligent, as if someone hacked the system, got the user’s password, and stole points. The customer may file a lawsuit and if proven guilty, the company will be liable for the customer’s loss. But Farrow said it’s usually the company’s policy to return points and miles to users.
“People who frequently have loyal flyer miles are the customers they want,” Farrow said. “So they’re going to make accommodations for you most of the time.”
After your points or miles are stolen, the hotel or airline may provide you with a new account number. This can cause headaches on bookings you already have (for example with your airline partner) and you will need to update your flyer number frequently along with your car rental partner, gas station partner.
If the airline or hotel refuses to refund your miles, Farrow said he could consider filing a criminal charge with the local sheriff. Law enforcement agencies are unlikely to catch offenders as they may not have the resources to track them down, but they may be in countries where there is no treaty that will not be extradited with the United States, but at least there are criminal reports on the records. From there, you can file a complaint with the Federal Trade Commission (FTC) and say the company is sloppy with your data and that it has lost your points and miles. The FTC will not begin investigating individual complaints, but if you build a database and your complaints break the back of a camel, the FTC can suggest regulations to address the issue.
“Remember the car warranty phones that were all over the place. They were all closed because enough people complained to the FTC,” Farrow said. “That won’t change until enough people squat about how we’re being treated like this.”
Sheryl Nance-Nash contributed to reporting this article.
2 Pack Hydration Backpack Pack with 2L Hydration Bladders, TNYSPORT Lightweight Breathable Water Backpack with Multiple Pockets, Reinforced Shoulder Straps for Hiking, Running, Biking
$31.99 (as of July 27, 2025 05:36 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
3pcs Set Bow Backpack For Girls,Cute Kawaii Backpacks Set Large Capacity,Nylon Coquette Backpack With Bow Pattern (White Pink)
$25.99 (as of July 27, 2025 05:36 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
4Monster Hiking Daypack,Water Resistant Lightweight Packable Backpack for Travel Camping Outdoor
$18.99 (as of July 27, 2025 05:36 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
2025 New Peakfootwear for Women Men Neuropathy, Hike Barefoot Footwear Shoes Womens, Grounded Barefoot Footwear Grounding Shoe
$19.99 (as of July 27, 2025 05:36 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)