In a recent test of a Lufthansa boarding pass, security experts were able to ascertain the following pieces of information about the flyer: Name, Frequent Flyer Number, Record Locator for trip, and other personally identifiable information.
With this data, the testers logged into Lufthansa’s website and were able to get the name of the person who made the reservations and the phone number of the traveler. With this access, anyone could change seats on future flight legs and even cancel a future flight and apply for a refund. The information would also allow someone to get access to the traveler’s frequent flyer account where a perpetrator could cash in points for travel or other gifts or merchandise.
Suffice it to say, there appears to be a security issue with the seemingly simple boarding pass.
It’s not the first time the contents of boarding pass barcodes has come into question: in 2012, a security vulnerability in US domestic airline boarding passes meant that travelers could scan the barcodes to reveal what kind of checks they were likely to face.
For the most part, if you keep your boarding pass quietly about your person, your details are likely to remain safe. Leaving it on the plane is not the best idea and for those who share everything on social media, security experts suggest not sharing on Facebook or other online venues.