The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider inserting the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.
In a recent test of a Lufthansa boarding pass, security experts were able to ascertain the following pieces of information about the flyer: Name, Frequent Flyer Number, Record Locator for trip, and other personally identifiable information.
With this data, the testers logged into Lufthansa’s website and were able to get the name of the person who made the reservations and the phone number of the traveler. With this access, anyone could change seats on future flight legs and even cancel a future flight and apply for a refund. The information would also allow someone to get access to the traveler’s frequent flyer account where a perpetrator could cash in points for travel or other gifts or merchandise.
Suffice it to say, there appears to be a security issue with the seemingly simple boarding pass.
It’s not the first time the contents of boarding pass barcodes has come into question: in 2012, a security vulnerability in US domestic airline boarding passes meant that travelers could scan the barcodes to reveal what kind of checks they were likely to face.
For the most part, if you keep your boarding pass quietly about your person, your details are likely to remain safe. Leaving it on the plane is not the best idea and for those who share everything on social media, security experts suggest not sharing on Facebook or other online venues.
In a recent test of a Lufthansa boarding pass, security experts were able to ascertain the following pieces of information about the flyer: Name, Frequent Flyer Number, Record Locator for trip, and other personally identifiable information.
With this data, the testers logged into Lufthansa’s website and were able to get the name of the person who made the reservations and the phone number of the traveler. With this access, anyone could change seats on future flight legs and even cancel a future flight and apply for a refund. The information would also allow someone to get access to the traveler’s frequent flyer account where a perpetrator could cash in points for travel or other gifts or merchandise.
Suffice it to say, there appears to be a security issue with the seemingly simple boarding pass.
It’s not the first time the contents of boarding pass barcodes has come into question: in 2012, a security vulnerability in US domestic airline boarding passes meant that travelers could scan the barcodes to reveal what kind of checks they were likely to face.
For the most part, if you keep your boarding pass quietly about your person, your details are likely to remain safe. Leaving it on the plane is not the best idea and for those who share everything on social media, security experts suggest not sharing on Facebook or other online venues.
RSS Feed
