Contact Contact Us

KrisFlyer Air Miles Sold in Dark Web Marketplaces, Chinese Police Arrest 21 Over Data Theft at Alibaba’s Delivery Arm

Comparitech, a UK tech research company, found several dark web marketplaces peddling frequent flyer miles from airline reward programmes, including Kris Flyer, Delta SkyMiles, and British Airways. The prices of the stolen air miles are priced differently and based on the value of Bitcoin or Monero. For instance, 100,000 KrisFlyer miles cost around US$884 while 100,000 British Airways miles could be priced as little as 34 euros. Hackers likely obtained the air miles by stealing credentials and hacking personal accounts using the stolen credentials. They could then either transfer the air miles to their own account and sell that account or redeem them directly.

Last Friday, Chinese police arrested 21 suspects in connection to the theft of more than 10 million pieces of customer data from Cainiao Network–the official global parcel tracking platform of Alibaba Group–after barcode scanners used in distribution stations were infected with malware. The stolen data included usernames, phone numbers, and parcel tracking numbers. Police said the suspects were service providers to Cainiao Network’s local distribution stations and they had installed malware on the scanners to gather information for promoting content on their social media accounts.

[1] How much are stolen frequent flyer miles worth on the dark web?
[2] Singapore Airlines: There are not many cases of stealing flight miles
[3] 21 arrested for data theft at Alibaba's delivery arm

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883