Your seemingly harmless boarding pass actually reveals a lot more about you than what is printed on it in plain English. Data thieves can learn your frequent flier number, personal data associated with your account and details about your upcoming flights just by uploading a photo or screenshot of the barcode or QR code to Online-Barcode-Reader.
Security researcher Brian Krebs warned about the boarding pass issue after a longtime reader of the KrebsOnSecurity blog came out with step-by-step details on how he was able to access someone’s personal information using only a Facebook photo of a boarding pass as a starting point. The photo showed the boarding pass barcode, which the barcode reader site was able to decode.
Aside from gaining access to personal data and frequent flyer numbers, data thieves could also easily dig up your record locator and use that to access your entire account. Having done that, the hacker could see your phone numbers, future flights booked under your frequent flyer number, names of people who booked your flights and more. The data thieves could alter your seating choices, cancel your flights or even reset your security PIN.
Data and identity theft is big business these days. It’s not just your flight boarding pass that potentially exposes your personal data to possible attackers. With barcode- or QR-code-derived personal data plus publicly accessible information such as social network profiles and relationships, thieves could dig deeper into your accounts. Thieves can get past common security questions such as “What is your mother’s maiden name?” by looking up possible answers through your social network profiles.
Careful fliers should burn or shred used boarding passes to prevent data compromises, so that data thieves cannot use them as a boarding pass to personal data and accounts. If you don't have a shredder at home, check out our favorite heavy-duty home shredder, the Swingline Stack-and-Shred 100x.
[Image credit: Airline ticket, passport and electronics, preparing to travel via Shutterstock]
From illy junus on October 08, 2015 :: 11:57 am
I never know that…thank you for the post, from now on i’ll be very careful
Reply