What do you do when you plan a holiday?
Usually, you book your flights and accommodation, you get excited, you pack, and then you head to the airport.
You double check you have everything, maybe grab a pint, and then you brag about your impending holiday to everyone on social media. Usually, you do this by taking a photo of your boarding pass, and then post it on Instagram for everyone to envy.
Now, that’s where we all go wrong.
It turns out that publicly posting a picture of your boarding pass is a big mistake.
Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.
Using the example of a friend’s boarding pass that was posted on Facebook, the security analyst was able to access his friend’s record locator (the ‘record key’ for the flight he was taking that day).
With that information, along with his last name which was encoded in the barcode, he gained entry to his whole account on the airline’s website.
Even more than that, the data breach on the airline’s site included the friend’s phone number and the name of the person who booked the flight. Which basically means if you’ve ever posted your boarding pass online, you could’ve been screwed.
Unfortunately, a lot of people aren’t privy to this and a simple search for #boardingpass on Instagram or Twitter will bring up thousands of photos of people’s passes, and consequently, their personal information.
So while many of us may have thought covering our name and flight number would have stopped anyone from stealing our details, that’s not the case.
Next time you’re at the airport, take a photo of the plane instead of your pass.