The usual protocol after returning from vacation is to throw out the airline tickets without giving them another thought, assuming that nobody is going to trawl through the garbage looking for an out-of-date ticket. Unfortunately, this is exactly what suspicious characters will do, knowing that these pieces of paper are the key to a whole host of private details and information.
What is even worse, however, is taking a photo of your boarding card and publishing it on Facebook or Twitter, especially if your privacy settings aren’t properly configured. By uploading this seemingly innocent image to make your friends jealous, you are inadvertently sharing your details with any user of the Internet who could use the information captured in the image for their potential benefit.
“The barcodes on boarding cards could let anyone discover information about you, your holiday plans, and your frequent flyer account”, according to IT security expert Brian Krebs.
It isn’t always like this, and sometimes the barcode only reveals information such as your name, date of the flight, the related airports, etc. However, in some cases the barcode can turn into a potential goldmine of personal information which can be used to attack your user account in the airline’s website.
The information stored on the barcodes can be extracted by using free access tools and can be interpreted by using step-by-step guides which explain each element.
The real danger that’s stored on these boarding cards is the frequent flyer number, which can be used to access your user account on the airline’s website. Knowing the name and surname of a passenger along with their frequent flyer number is “the first step to getting the password”, states Krebs.
Once inside, among other things, you can check out sensitive personal information (telephone numbers or the accompanying passengers) and even change or cancel upcoming flights. The intruder can even change the access requirements by guessing the answer to a security question – something which we have pointed out before as being rather easy to do.
This vulnerability, according to Krebs, “has created a black market for hacked frequent flyer accounts”. If you don’t want to end up being the next victim, the best thing to do is destroy your boarding cards before throwing them in the garbage or, better yet, use the official airline apps and by-pass the paper option altogether.