Sharing pictures related to travel on social media, such as those of a boarding pass, can be a great way to keep friends and family in the loop about your trips.
However, before you go online posting your travel documents, you should consider the dangers of doing so. While it might be just a fun activity for you and your followers, hackers and identity thieves have more nefarious intentions.
Do you remember what you did with your last boarding pass? Perhaps you threw it away at the airport or left it in the seatback pocket in front of you. Or maybe you might be one of those people who posted a picture of it under the hashtag BoardingPass. But what’s the danger? After all, the ticket is already purchased and your billing information isn’t visible. Or is it?
The problem with boarding passes is that they include a lot of sensitive information, including your first and last name, the airport of departure and arrival, a frequent flyer number, and most importantly a barcode that contains all kinds of valuable data.
According to cybersecurity expert Brian Krebs, the barcodes and other pieces of data can be scanned to reveal underlying information that could let identity thieves get into frequent flyer accounts. Once inside, he warns they have “the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights.”
After one of his subscribers was able to harvest crucial information from a friend’s boarding pass that had been posted on Facebook using an easily accessible code-scanning website, Krebs advised “the next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead.”
You might think that this problem would be limited to pictures of printed boarding passes and that using the airline’s regular app or frequent flyer app would help eliminate the problem. However, a USA Today report showed the QR code generated by these apps is just as vulnerable to decryption and thus identity theft, as was the old printed version. If you screenshot the digital boarding pass and share it or post it, you will be just as exposed.
Another issue comes with the six-digit code that all passengers are given on their boarding passes and luggage after check-in. Air travel professionals call this a PNR (passenger name record). The ethical hackers at Safety Detectives, led by Israeli hacker Noam Rotem, discovered that they could easily gain access to PNR lists, and once they did, they could manipulate passenger profiles for Israeli airline El Al.
The hackers found they could “make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service.”
They immediately contacted Amadeus, the booking company that Safety Detectives found “controls a staggering 44 percent market share of airlines operating worldwide, including United Airlines, Lufthansa, Air Canada, and many more.”
The major points to remember are as follows:
1) Don’t post pictures of your boarding pass, whether printed or digital, on social media.
2) Don’t leave your boarding pass on the plane or toss it in a trash can where someone could fish it out.
3) Check your frequent flyer information regularly to make sure nothing strange is happening.
With these simple tips, you can help avoid having your personal information, and potentially your next flight, hacked.
Go to Source
Author: Robert Jay Watson