This is terrifying...
Holidays offer the best social media opportunities, with just setting foot in an airport being excuse enough to upload an Instagram snap.
We’re talking filtered luggage shots, pre-travel coffees and of course the infamous snap of a freshly manicured hand holding a boarding pass tucked into your passport, informing your followers which luxurious destination you’re jetting off to.
As much as this pre-holiday rite of passage is a guaranteed way of gaining followers and raking in the likes, it turns out Instagramming your boarding pass could actually be a huge mistake, putting you and your details in danger.
The two-dimensional barcodes and QR codes printed on your boarding pass can actually store a lot of your personal information, and if they got into the wrong hands could give them full access to your travel details.
In a KrebsOnSecurity blog post, they referenced Cory, a regular reader of the site who as an experiment, had zoomed into a photo of his friend’s boarding pass to see how much information he could gather.
‘I found a website that could decode the data and instantly had lots of info about his trip’, Cory explained. ‘Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator.’
He continued: ‘I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.’
Cory went on to explain how he was even able to obtain his friend’s phone number and the name of the person who booked the flight – all from the boarding pass, stressing that a hacker might have been able to go further and even change the user’s PIN number or cancel their travel plans.
Well, that’s terrifying.
If you’ll excuse us, we’re off to delete some Instagram photos.