As global travel reaches new highs, cybercriminals are increasingly targeting travellers. A growing market for stolen travel documents, including passport scans and airline loyalty accounts, has emerged on the dark web.
This is uncovered in joint research by NordVPN and Saily, which reveals how inexpensive it has become for criminals to purchase stolen identities. The June 2025 analysis used the NordStellar platform to examine listings on dark web marketplaces and hacker forums.
Scanned global passports can sell for as little as $10 and up to $200, while verified EU passports fetch over $5,000. Fake bank statements, visa stickers, and hacked airline loyalty accounts with millions of miles trade for hundreds of dollars. Even Booking.com reservations are resold at steep discounts, often for $250 or more.
“The staggering prices we’re seeing on the dark web show just how valuable and vulnerable travellers’ personal information has become,” says NordVPN CTO Marijus Briedis.
Travel data turns into cash for cybercriminals
Travel documents fall into the wrong hands via several basic methods. Cybercriminals deploy malware to scan devices and cloud storage for sensitive files. Breaches at airlines, visa platforms, and travel agencies leak passenger information.
Meanwhile, phishing sites impersonating official websites trick users into uploading passports and visas. Even publicly shared cloud folders with lax permissions can be easily discovered and exploited. Physical documents like boarding passes, lost or discarded in airports, also find their way onto the dark web.
Saily CEO Vykintas Maknickas says: “Travelers are reporting AI-powered phishing scams, from fake check-in platforms requesting selfies with ID documents to fraudulent airport lounge and Wi-Fi registration pages. With AI tools now easily accessible to criminals, these phishing attempts have become simple to make, remarkably convincing, and difficult to spot.”
Travel documents – a goldmine for hackers
Travel documents are valuable because they combine high resale potential with simple use. Many online platforms only require a passport scan and selfie for identity verification – a process criminals can bypass using deepfake technology.
Stolen passenger records often include full names, dates of birth, passport numbers, email addresses, phone numbers, and emergency contacts, enabling criminals to commit complex, targeted fraud.
With this data, criminals can commit identity theft, open fraudulent accounts, or apply for loans. They can launch phishing or social engineering attacks using personal and travel details to trick victims or their contacts.
Briedis says: “Travel documents are a goldmine for hackers because they offer direct access to your identity with minimal barriers. This makes stolen travel data incredibly valuable and dangerous.”
Digital defence for travellers
NordVPN and Saily urge travellers to take immediate action to safeguard their data. Sensitive travel documents should be stored in encrypted digital vaults rather than publicly accessible cloud folders. Travelers must stay vigilant against phishing attempts and verify URLs before submitting information.
Maknickas says that the best defence against modern social engineering is maintaining a healthy scepticism.
He says: “As scammers use personalised, context-aware tactics, a brief moment of critical thinking before responding to a digital request is the most effective shield. If something feels off, try to verify the communication through other channels.”
Briedis says: “Travelers should keep devices updated with antivirus software and use VPNs on public Wi-Fi to encrypt online activity and block malware. They should also regularly monitor financial and loyalty accounts to detect suspicious activity early as well as report lost or stolen documents promptly to limit exposure.”