If you thought the greatest threat to your next overseas jaunt was forgetting your toothbrush, think again. According to freshly unearthed research from cybersecurity stalwarts NordVPN and Saily, cybercriminals are now running thriving black-market businesses flogging everything from your passport scan to your hotel booking—all served up on the shadowy shelves of the dark web.
It’s no longer the stuff of spy thrillers or techy tinfoil-hat types. Your digital identity is, quite literally, for sale.
A Passport to Trouble—For Just $10
Let’s cut to the chase: a scanned passport, yours or mine, can fetch as little as $10 on the dark web. And if you happen to be a European Union passport holder? That figure balloons a lofty $5,000, depending on how “verified” it is. It’s the black-market equivalent of first-class.
But passports aren’t the only hot item on the menu. Fake bank statements, dodgy visa stickers, and airline loyalty accounts bursting with unused points are being peddled for a few hundred bucks a pop. Even your precious Booking.com reservation might be up for grabs—for a ‘discounted’ $250 or more.
“The staggering prices we’re seeing on the dark web show just how valuable and vulnerable travellers’ personal information has become,” said Marijus Briedis, NordVPN’s ever-candid Chief Technology Officer.
And if that quote doesn’t make you want to reconsider uploading your passport to every second-rate booking portal, nothing will.
Dark web deals: Your passport, identity, and future—sold to the highest bidder.
How Does It Happen?
You may imagine these criminal masterminds as hoodie-wearing hackers hammering away in basements. But the reality is often far simpler—and more disturbing.
Cybercrooks use malware to trawl through devices and cloud storage, pinching sensitive documents faster than you can say “digital boarding pass.” Airlines, visa platforms, and even well-meaning travel agents can also be victims of breaches, letting personal information slip into unsavoury hands.
Then there’s good old-fashioned phishing—those near-perfect replica websites trick users into uploading travel docs, thinking they’re securing a seat or checking into a flight.
“Travellers are reporting AI-powered phishing scams, from fake check-in platforms requesting selfies with ID documents to fraudulent airport lounge and Wi-Fi registration pages,” warned Vykintas Maknickas, CEO of Saily.
With generative AI now in the wrong hands, these scams are “not only simple to make but also shockingly convincing,” Maknickas added. It’s phishing 2.0, folks, and it’s got deepfake capability to boot.
Bargain bookings or bait? Dark web deals turn dream holidays into digital nightmares.
Why Are Travel Documents So Valuable?
Here’s where it gets properly frightening. Most online platforms only require a passport scan and a selfie to confirm your identity. Add in today’s synthetic image technology; voilà—cybercriminals can impersonate you without breaking a sweat.
Stolen passenger data typically includes the following: full name, date of birth, passport number, email, mobile number, and emergency contacts. It’s an all-access pass to commit identity theft, open phony credit accounts, or run elaborate scams under your name.
“Travel documents are a goldmine for hackers,” said Briedis, “because they offer direct access to your identity with minimal barriers. This makes stolen travel data incredibly valuable and dangerous.”
First-class fraud: cybercriminals flog airline miles like peanuts at a pub.
Don’t Panic—But Do Protect Yourself
Before you delete your travel apps and book a cave in the Snowy Mountains, take some doable steps to protect yourself.
First, never store passport scans or sensitive travel documents in public cloud folders. If you must, use encrypted storage.
Second: be suspicious. Don’t do it if a site asks for a selfie with your ID and it’s not your airline or a known authority.
“Scammers use personalised, context-aware tactics,” says Maknickas. “A moment of critical thinking is your best defence. If something seems even slightly off, double-check through another channel.”
Also, travellers should:
-
Keep all devices updated with antivirus software.
-
Use a VPN—especially on public Wi-Fi—to mask activity and fend off malware.
-
Monitor financial and loyalty accounts for suspicious activity.
-
Report lost or stolen documents immediately.
It’s old-fashioned, but prevention beats cure, as with many things in life. And in the digital realm, a healthy dose of scepticism goes a very long.
A Growing Threat Backed by Research
The findings come from research conducted by NordVPN and Saily between 10 and 20 June 2025. The data was dissected via NordStellar, their threat exposure management platform, and sourced from dark web marketplaces and hacker forums. This wasn’t a fringe study, either. It involved real listings—real passports, real prices, and real risks.
The joint analysis focused on how widely available these stolen travel documents are, what they’re fetching, and why everyday travellers should be concerned.
The upshot? You don’t need to be a high-flying diplomat or oil tycoon to become a target. Sometimes, all it takes is a layover, a lazy password, or a lapse in judgment on airport Wi-Fi.
