DD: Alaska Airlines ($ALK) – Puts on 4 year cyber leak left unpatched
u/NorthcoteTrevelyan ·
Reddit — r/wallstreetbets
· March 20, 2026 at 11:20
· ⬆ 33 pts
· 💬 22 comments
| View on Reddit ↗
AI Summary
Summary
The author claims Alaska Airlines ($ALK) has a severe, unpatched cybersecurity vulnerability in its loyalty program, allowing hackers to steal and sell frequent flyer miles.
Technical flaws include session cookies lacking HTMLOnly flags and active sessions surviving password resets, which the author links to organized crime crypto wallets.
Quality assessment: This is well-researched, highly technical DD supported by a massive $440k options position, elevating it above typical retail noise.
Score33
Comments22
Upvote %95%
▶ Full Post Text
Ticker: $ALK
Positions (proof: [https://imgur.com/sgHeFzw](https://imgur.com/sgHeFzw)):
* 400x ALK Apr 17 2026 $32.50 Puts @ $0.59 Current $0.90
* 250x ALK Apr 17 2026 $37.50 Puts @ $1.09 Current $2.50
* 500x ALK Apr 17 2026 $40.00 Puts @ $1.45 Current $3.82
* 200x ALK Apr 17 2026 $45.00 Puts @ $2.63 Current $7.50
Total value at risk: \~$440k
Shouted about this [before](https://www.reddit.com/r/wallstreetbets/comments/1qcozu0/comment/oab3ndl/).
If you'd listened then you'd be well in the money. Nothing to do with Iran - trust me bro.
Since then I haven't sat still. I've found lots more mischief:
# I Found Some Sellers
Six different ones. Deep in the Dark Web? only if that is what we are calling Facebook these days - just a basic search.
One of them claims selling 60 Alaska accounts a week.
They show off similar pricing: $120 for 220k miles. That is enough miles for 4 peeps on flats bed across the Atlantic.
# I Followed the Money
Sellers offer up crypto wallets. Follow this one yourself:
0xA7964B5b406f439Dd527eAB89604e437E968D827
Goes all the way to 100s of millions heading into Binance.
An organised crime racket.
# I Found The Reason for the PIN Lock
Victims get forced into using a verbal PIN after they have been hacked. Why?
Password changes don't do anything if a villain is in your account.
Try it yourself:
1. Log into Alaska in two different browsers.
2. Change your password in one of them.
3. Refresh the page in the other.
4. Observe you are still fully logged in on browser 2.
You can keep that rogue session alive for a long time.
# I Found Out Hackers Don't Need Passwords
Session cookies are wide open at they don't have HTMLOnly.
Obviously you don't know what that means, but any rogue chrome extension, or any rogue cookie in the system, means they skip the password bit and are in an account any time they like.
# I Found Plenty More Junk
But this is enough to know the loyalty programme valued at $12 billion on a market cap of $4.5 billion is not locked down.
# The Play
Probably go longer dated that I am. Puts FTW.
Positions (proof: [https://imgur.com/sgHeFzw](https://imgur.com/sgHeFzw)):
* 400x ALK Apr 17 2026 $32.50 Puts @ $0.59 Current $0.90
* 250x ALK Apr 17 2026 $37.50 Puts @ $1.09 Current $2.50
* 500x ALK Apr 17 2026 $40.00 Puts @ $1.45 Current $3.82
* 200x ALK Apr 17 2026 $45.00 Puts @ $2.63 Current $7.50
Total value at risk: \~$440k
ALK's loyalty program (valued at $12B) has fundamental security flaws, including vulnerable session cookies and ineffective password resets, leading to widespread mile theft. Public exposure or financial fallout from this ongoing, unpatched breach could severely damage consumer trust and crater the stock, which only has a $4.5B market cap. Purchase ALK puts to capitalize on the market pricing in this massive cybersecurity liability. The market may ignore the vulnerability, or ALK could quietly patch the exploit before a major PR disaster occurs.
This Reddit post, published March 20, 2026,
features u/NorthcoteTrevelyan
discussing ALK.
1 trade idea extracted by AI with direction and confidence scoring.