Although it’s tempting when you’re killing time in an airport to let everyone know that you’ll soon be on the beach, you might want to think twice before posting a photo of your boarding pass. A Czech security researcher’s blog post has revealed how hackers can scan your boarding pass’s barcode or use your flight’s reference number to steal crucial information.
A post by Michal Spacek, a web developer who blogs regularly about security strategies, detailed how after seeing a friend post his boarding pass on social media, he easily found his personal flight information online. By entering the reference number of the flight into British Airlines’ website, Spacek could get into his friend’s booking page by “verifying” himself by plugging in his friend’s birthday — which he found on Facebook. From there, he could see his friend’s passport number, all the information about his flight itinerary, and could change anything he wanted.
If you think that blurring out the numeric details of your boarding pass is a solution, apparently it’s not. A simple bar code can be easily scanned using a number of apps by anyone curious enough to try. And that can reveal a lot.
Aztec codes, a barcode sometimes found on boarding passes and also used in lieu of a paper boarding pass on smart watches, can give away a lot about a traveler. By scanning Aztec barcodes that he found on social media, Spacek was able to discover full names, flight itineraries, and even a frequent flyer account number. Yikes.
Spacek is quick to point out that boarding passes left on flights (who hasn’t done that?) still hold a treasure trail to a person’s identity. So maybe opt for a selfie next time you’re waiting around at the airport… and then find a shredder for your boarding pass as soon as you land.