-
A notorious cyber hacker XHJACK has allegedly hacked into a prominent Asian airline ticketing portal, and is auctioning the root access to hackers on the dark web.
-
The reported access comprises private APIs for key partners, offering unlicensed ticket creation across more than 40 airline companies.
-
The threat actor has placed the minimum bid at $50,000 and a max buyout option of $200,000.
In a bold dark net move, notorious black-hat hacker known as XHJACK has posted for auction what they claim to be root access to a prominent Asian airline ticketing platform. According to a November 28th post by Dark Web Informer, a dark web intelligence team, if proven correct, this could result in the exposure of personal details of more than 350,000 customers. Also, records of more than 31 million bookings across three years may be at risk of compromise if this is true.
As per the post made on a monitored dark web forum, the sale comprises private APIs that offer unlicensed ticket creation for more than 40 airline firms. XHJACK has also started the bid at $50,000, with a buyout of $200,000. While this is not yet verified, it is a credible threat that has been flagged with a Singapore indicator. It also underscores growing cybersecurity risks in the aviation sector amid the wave of notable breaches in 2025, including the recent supplier hack that exposed a trove of corporate data at Spanish Airline giant Iberia.
XHJack Hacks into Asian Airline Giant, Auctions Exfiltrated Data
As per the disclosure by Dark Web Informer, the auctioned exploit enables threat actors to have root access to the servers managing one of Asia’s biggest airline ticketing portals. This alleged data trove comprises customer profiles with full names, ID numbers, itineraries, and full booking logs from 2022 to 2025.
Furthermore, compromised APIs for partner airline companies may enable threat actors to easily issue valid tickets without being detected. While the hacker did not provide any sample data to prove their claims, the real-time edits on the post imply existing control.
It’s worth noting that sellers aim the auction’s high price at dark web buyers who can use such access to fuel internet fraud, resale, or extortion. Also, this is not XHJACK’s first attack against prominent firms.
In August 2025, investigators previously connected the hacker to a United States e-commerce data breach and dark web sales.
What Could be the Implications of This Hack? Data Theft and Ticket Forgery
If proven valid, this attack may allow massive airline ticket counterfeiting and cripple operations across more than 40 airline firms in the Asia-Pacific region. Threat actors could overload online systems with fake bookings, manipulate prices. They may even cause groundings, such as the incident of Japan’s Airline outage due to a cyber attack.
Furthermore, such an attack can result in risks associated with passenger data compromise, like identity theft, as there are over 350,000 passenger records available for black market sales or phishing.
A similar incident of this is the October 2025 Vietnam Airlines exposure of over 23 million passenger profiles by the Scattered LAPSUS hacker gang.
Airline travelers might now face doxxing or fraudulent charges, whereas airline companies struggle with compliance attacks under GDPR-like policies. The attack can also affect airline partners and increase the damage.
