General

Warning: Posting a Picture of Your Boarding Pass on Social Media Can Get You Into Trouble

Sharing pictures related to travel on social media, such as those of a boarding pass, can be a great way to keep friends and family in the loop about your trips.

However, before you go online posting your travel documents, you should consider the dangers of doing so. While it might be just a fun activity for you and your followers, hackers and identity thieves have more nefarious intentions.

Illustration – Shutterstock | Tawan Jz

Do you remember what you did with your last boarding pass? Perhaps you threw it away at the airport or left it in the seatback pocket in front of you. Or maybe you might be one of those people who posted a picture of it under the hashtag BoardingPass. But whats the danger? After all, the ticket is already purchased and your billing information isnt visible. Or is it?

The problem with boarding passes is that they include a lot of sensitive information, including your first and last name, the airport of departure and arrival, a frequent flyer number, and most importantly a barcode that contains all kinds of valuable data.

According to cybersecurity expert Brian Krebs, the barcodes and other pieces of data can be scanned to reveal underlying information that could let identity thieves get into frequent flyer accounts. Once inside, he warns they have “the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights.”

After one of his subscribers was able to harvest crucial information from a friends boarding pass that had been posted on Facebook using an easily accessible code-scanning website, Krebs advised “the next time youre thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead.”

Illustration – Shutterstock | Brian A Jackson

You might think that this problem would be limited to pictures of printed boarding passes and that using the airlines regular app or frequent flyer app would help eliminate the problem. However, a USA Today report showed the QR code generated by these apps is just as vulnerable to decryption and thus identity theft, as was the old printed version. If you screenshot the digital boarding pass and share it or post it, you will be just as exposed.

Another issue comes with the six-digit code that all passengers are given on their boarding passes and luggage after check-in. Air travel professionals call this a PNR (passenger name record). The ethical hackers at Safety Detectives, led by Israeli hacker Noam Rotem, discovered that they could easily gain access to PNR lists, and once they did, they could manipulate passenger profiles for IsraelRead More – Source

Related Posts