Two Russian teens have been arrested for infiltrating more than a half-million online accounts. The two teens targeted travel and hospitality rewards points services that offer rewards points. They used the rewards points built up in the accounts to make purchases, before selling the account credentials on the Dark Web. With account access, a user could gift the miles to themselves for use later, book travel directly or in some cases cash in rewards points in exchange for other things. The exploitation of rewards-points programs is big business on Dark Web, especially those associated with travel.
Source: https://threatpost.com/rewards-points-targeted-by-teens-in-hack-of-500k-accounts/133194/