“The type of sites most commonly associated with the dark web are marketplaces where illicit goods such as narcotics, firearms and stolen credit card numbers are bought and sold,” says the report’s author, Paul Bischoff. “The darkest corners are used to hire hit men, engage in human trafficking and exchange child pornography.”

Cathay Pacific took 7 months to alert passengers to massive data leak. Why?

Bischoff says that if you get caught with stolen airline miles or selling your own miles, the airline can wipe out your account and leave you with nothing. “Airlines can even cancel your bookings if they’ve found you’ve broken the terms of service,” he says.

A study by Seon, a security consulting company, found any number of travel products available on the dark web. They included airline tickets, car rentals and, on one forum, tours sold at a 30 per cent discount. On another forum, customers were “impressed with this seller’s ability to deliver flights bought with stolen credit cards,” the study notes. “With over 200 sales, they had only five-star reviews.”

The dark web is just one of the places travellers should avoid. Others include unsecured websites and wireless hotspots designed to collect personal information. Bottom line: online security can be as important as physical safety for travellers.

Even when visiting a legitimate travel site, you might not be entirely safe. Consider the data breach Marriott disclosed last year, in which hackers accessed its reservation systems over a period four years and exposed the private information of up to 500 million customers. Last year also saw a data breach at Cathay Pacific that compromised the personal details of 9.4 million airline passengers.

Experts say it is not a question of if, but when, the next data breach will happen. How do you know if a company is taking security seriously? One way is to look for a little padlock icon next to the website address on any page where you can type in sensitive information, including credit card numbers.

That icon is missing from a lot of travel sites. At least that is the finding of Sectigo, a web security company. It recently studied major airline, hotel, travel comparison, car rental and train websites and rated them on how effectively they were secured. It flagged the sites for Firefly, SkyWest and Ritz Carlton for triggering “not secure” warnings, and numerous others for lesser security issues.

“Many major travel brands fail to provide assurance of their sites’ security and identity,” says Tim Callan, a senior fellow at Sectigo.

But the most common danger to travellers may be the network of wireless hotspots – set up in public places such as airports, convention centres and hotels – that are designed to steal personal information.

“Malicious actors can set up fraudulent Wi-fi networks and even fake mobile hotspots to collect and record traffic that connects to them, especially in top destinations,” explains Matthew Gardiner, a cybersecurity expert at Mimecast, an email and web security provider.

Avoiding a public network pays off in additional peace of mind, says Chandler Givens, CEO of TrackOff, a provider of data privacy software for consumers.

That brings us to the solutions. You can stay off public hotspots, log into a secure public hotspot such as Boingo, or use a virtual private network (VPN), which offers an extra layer of encryption.

“To protect yourself, for example, when at airports or hotels, find out the official Wi-fi network of the facility from the management, and do not connect to any others that you may find to be open,” Gardiner says. “Remember: how the Wi-fi network is named means nothing.”