myNetWatchman Launches the Travel Credential Abuse Index

Savannah, GA, October 21, 2025 — myNetWatchman today announced the release of the Travel Credential Abuse Index (TCAI) Report, a first-of-its-kind benchmark tracking credential-based cyberattacks across airlines, hotels, online travel agencies (OTAs), and car rental companies. The report delivers unprecedented visibility into how credential abuse has evolved over the past two years, revealing that while overall attack volumes fluctuate, the sophistication and persistence of threat actors continue to rise.

Drawing on activity across more than 85 travel platforms and billions of login attempts, the TCAI captures real-world fraud behavior across sectors. The findings reveal that credential abuse in travel has not declined — it has adapted. Attackers continue to exploit stolen credentials, MFA bypass tools, and both human and supply chain vulnerabilities. High-attack periods frequently correlate with major data breaches such as the Otelier hotel software breach in 2024 and the coordinated Scattered Spider airline campaigns in mid-2025.

“Credential abuse represents one of the most persistent and underestimated risks to digital travel. Our goal with the TCAI is to give the industry a data-driven view of this evolving threat — and the tools to fight back.” — David Montague, CEO, myNetWatchman

The TCAI highlights that attackers are increasingly ROI-driven, shifting focus among travel sectors as defenses tighten. Airlines and OTAs face the most sustained surges. Despite widespread adoption of multi-factor authentication, the report warns that MFA alone is not enough. Travel companies must also implement compromised credential screening, advanced bot detection, and synthetic identity prevention.

“Credential abuse is not a one-time event; it’s an evolving ecosystem. Without layered detection and identity verification, even the strongest authentication systems can be undermined.” — David Montague

Download the Travel Credential Abuse Index Report →