How do travel documents end up on the dark web?
Cybercriminals use several techniques to steal your travel documents, often without you realizing it. Some of the most common ways travel documents end up on the dark web include:
- Info-stealers. Hackers use malware to target your devices, like laptops, phones, or tablets. This malware looks for sensitive files stored on your device or synced with cloud services, such as your email inbox or travel folders. If you’ve saved a copy of your passport or visa, the malware can grab it and send it to the hacker.
- Compromised travel websites. Travel agencies, airlines, and visa-application websites are full of personal data. Unfortunately, criminals target these platforms to steal uploaded files like passport scans, visas, and travel itineraries. Once they break into these systems, they often dump all the stolen documents to sell on the dark web.
- Fake travel sites. Cybercriminals create fake websites that look like real airline check-in pages or visa application sites. These phishing websites trick you into entering your personal information and uploading travel documents. Once you submit your sensitive data, the hackers behind the fake site steal it and then sell it.
- Unsecured cloud links. Many people store travel documents on cloud services for convenience. However, if stored improperly, such as using public-sharing permissions (“anyone with the link can view”), these documents become vulnerable. Cybercriminals can use Google dorking (a method of searching for exposed files using advanced search queries) and other techniques to find and exploit these files.
- Physical theft. Lost or stolen passports, boarding passes, or IDs often make their way to dark web marketplaces. Even a discarded boarding pass might contain enough information for someone to exploit. Hackers can scan these items and sell them to criminals looking to commit fraud or identity theft.
Why are travel documents so valuable to criminals?
Criminals value stolen travel documents for several reasons: they are highly profitable and simple to use, require minimal verification, and often contain personal data that criminals can further exploit for identity theft and other crimes. Let’s explore each of these reasons in more detail.
High resale value
Travel-related documents hold significant value on the dark web. Prices vary based on quality, country of origin, and demand. Recent data from the threat exposure management platform NordStellar revealed a great variety of items criminals sell on the dark web:
- 1.
Scanned passports and IDs. Cybercriminals sell scanned passport images for $10-200, depending on quality, while ID scans go for $15.
A dark web listing that offers scans of passports and residence permits priced between $10 and $200. - 2.
Full verifiable documents. Genuine passports, driver’s licenses, IDs, and permits are typically sold for prices ranging from $20 to $1,800. EU passports rank among the most expensive, costing €5,500 (approximately $5,830), with a 25% discount for additional family members in “family packages.” According to NordVPN’s Dark web case study, prices vary greatly by country, with Argentinian passports being the cheapest and Czech, Slovakian, and Lithuanian passports tied as the most expensive.
A dark web listing that offers verifiable stolen travel documents, such as passports, driving licences, IDs, and permits priced between $20 and $1,800. A dark web listing that offers EU passports for €5,500 (approximately $5,830), with a 25% discount for additional family members. - 3.
Work visas and sponsorship letters. Some sellers do not publicly disclose the prices for these documents, but they are likely to be expensive.
A dark web listing offering fraudulent work visas, sponsorship letters, residency permits, background checks, clean criminal records for immigration, brute-forced bank logins, cracked credentials, Plaid-verified business accounts, high-balance personal accounts, credit score profiles, and other highly sensitive data. - 4.
Stolen loyalty accounts. Cybercriminals sell airline loyalty accounts with high-mile balances on the dark web for $35-700. Accounts with 1-5 million miles, like those from Alaska Airlines, sell for top prices of $700. Criminals also use stolen American Airlines accounts to book business-class flights for $200 using 200,000-300,000 miles. Hacked loyalty cards with high point balances go for $20.
Dark web listings offering stolen Alaska Airlines loyalty accounts, including username, password, loyalty number, and member balance/miles, priced between $35 and $700. A dark web listing that offers American Airlines accounts to book business class flights using stolen miles. A dark web listing that offers hacked loyalty cards with high points. - 5.
Fraud manuals. Cybercriminals sell detailed guides for hacking flight and hotel booking systems, known as “Flight & hotel cracking & booking manuals,” for $150-250.
Dark web listings that offer guides for hacking flight and hotel booking systems. - 6.
EU visa stickers. Cybercriminals sell EU visa stickers on the dark web for €300 (approximately $350).
This dark web listing offers EU (Schengen) and other unspecified visa stickers for €300 (approximately $350), with an optional tracked shipping service for €100 (around $115). - 7.
Fraudulent visa services. Some dark web sellers provide fake visa issuance services for €400 (approximately $464), which allow buyers to bypass legitimate application processes.
A dark web listing that offers fake visa issuance services. - 8.
Discounted Booking.com reservations. Travel hackers resell pre-booked trips on platforms like Booking.com at discounts of 40-50% off the original price, typically charging around $250 per deal.
A dark web listing that offers cheaper hotel stays.
Low verification requirements
Travel documents are a goldmine for criminals because many online platforms rely on relatively weak identity checks. A clean scan of a passport or ID and a selfie is often all it takes to pass verification on websites, financial services, or even travel portals.
Criminals know how to manipulate this system. They combine stolen documents with advanced tools like deepfake technology to mimic the victim’s face. This combination of stolen data and AI-driven deception allows them to gain access to services like opening fraudulent accounts, renting properties, or even booking trips in someone else’s name.
Bundled personal data
When criminals steal one piece of travel data, they often get much more. A single Passenger Name Record (PNR) is a treasure trove of information that can include your full name, date of birth, passport number, email address, phone number, and even emergency contact details.
This package of personal data — often called "fullz" in hacker slang — refers to a complete set of details tied to one person. Fullz is highly valuable because it allows criminals to commit tailored fraud. For example, with your PNR, a thief could potentially book flights under your name, bypass security checkpoints, or tailor phishing emails to seem even more believable.
The more complete the information, the more dangerous it becomes. Criminals can use fullz not only for travel fraud but also to open bank accounts, apply for loans, or steal your entire identity. It’s not just about one stolen document — it’s about how all these pieces combine to magnify the damage.
How to protect yourself from travel document theft
Travel isn’t just about where you’re going — it’s also about how you prepare. By being mindful of your data, you can make it much harder for criminals to steal your information. These steps can help you stay safe:
1. Keep sensitive files secure
Store your documents in encrypted storage or a private digital vault. To keep them safe, turn off public-sharing features in cloud storage.
2. Stay alert for phishing attempts
Always check URLs before entering personal data. If a website for a visa application or airline check-in looks suspicious, don’t proceed. Use NordVPN’s link checker to confirm if the link is legitimate or a scam. Additionally, check official sources and be cautious of emails or messages that pressure you to act quickly.
3. Protect your devices
Install reliable antivirus software on your devices to block malware that could steal your files. Update your operating system and apps regularly to fix security gaps.
4. Use a VPN on public Wi-Fi
If you’re planning your trip on public Wi-Fi at a coffee shop or airport, a virtual private network (VPN) like NordVPN will encrypt your connection and keep your online traffic more secure.
5. Monitor your accounts for unusual activity
Check your loyalty accounts, email, and financial statements frequently. If you notice anything unusual, act immediately to protect your accounts and stop further damage.
6. Report stolen or lost documents right away
If you lose your passport, ID, or any sensitive document, report it right away to limit how criminals can misuse your information.
Stay educated and take control of your safety
Traveling should be about enjoying new experiences, not worrying about your identity being sold on the dark web. Cybercriminals rely on people overlooking the risks of sharing and storing sensitive information.
Start protecting yourself today: secure your accounts, use tools like NordVPN, and stay alert for scams targeting travelers. By staying proactive, you can make it much harder for criminals to profit from stolen travel data.
Your travel experiences are worth protecting.
Improve your digital security today with NordVPN.
Methodology
The research was conducted by NordVPN and Saily researchers between June 10 and June 20, 2025, using data analyzed through NordStellar, a threat exposure management platform. The dissected information came from dark web marketplaces and hacker forums where stolen travel documents and related data are advertised for sale.
The examined data included listings of passports, visas, loyalty accounts, and booking details, along with their prices. The analysis focused on the availability, pricing, and risks of travel document trafficking to raise awareness and guide travelers in taking precautions.
