Uncover the Hidden Threats Shaping Travel Security
The myNetWatchman Travel Credential Abuse Index (TCAI) Report is the first comprehensive benchmark revealing how cybercriminals are exploiting stolen credentials across airlines, hotels, OTAs, and car rental companies. Drawing from more than two years of data and over 85 travel sites, the report uncovers striking patterns, from attack surges following major breaches like Otelier and Qantas, to sharp declines tied to MFA rollouts. The findings show that credential abuse in travel isn’t disappearing, it’s evolving. Fraudsters now deploy refined social engineering, MFA fatigue, and synthetic identities to outpace even the most advanced defenses.
A New Era of Persistent, ROI-Driven Attacks
Across the travel ecosystem, attackers follow the money, shifting their focus to the weakest links and highest returns. Airlines have faced waves of targeted credential stuffing, OTAs have become the latest hotbed for fraud, and hotels and car rentals remain opportunistic targets. The report highlights the growing sophistication of groups like Scattered Spider, which expanded from casinos to airlines in 2025, using SIM swapping and MFA bypass techniques to compromise global travel brands. Behind every data point lies a story of evolving tactics, vulnerable systems, and the race to secure digital identities in an interconnected industry.
Why This Report Matters
The TCAI provides the intelligence travel leaders need to stay ahead. It reveals not just what’s happening, but why, showing that MFA alone isn’t enough to stop credential abuse. Download the report to explore the data behind billions of login attempts, learn which sectors are most at risk, and discover how proactive monitoring, compromised credential screening, and email intelligence can protect your customers and brand. This is essential insight for anyone serious about securing the future of digital travel.
%20Report%20.png)