Boarding passes contain passenger information that can be accessed by others
Boarding passes contain passenger information that can be accessed by others

Why you should never upload a photo of your boarding pass to Facebook

The barcode on a boarding pass contains sensitive data

Kate Ng
Tuesday 29 December 2015 12:04
Comments

Posting a picture of a boarding pass to Facebook can seem smug, especially when no one else is going on holiday – but it could come back to bite you in a completely different way.

Brian Krebs, an author and blogger specialising in investigative stories on cybercrime and computer security, explained just how much information an airplane boarding pass contains in its barcode.

He wrote about a reader of his blog, KrebsOnSecurity, who became curious about the information he could glean from a friend’s boarding pass uploaded to Facebook.

After taking a screenshot of the Lufthansa flight boarding pass, he quickly found a website “that could decode the data and instantly had lots of info about his trip”.

The information included the passenger’s name, frequent flyer number and other “personally identifiable information”.

The reader, known as Cory, was able to obtain the “record key” for the Lufthansa flight the passenger was taking that day.

The reader continues to the airline’s website and used the passenger’s last name, which was encoded in the barcode, and the record key enabled him “to access his entire account”.

“Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance,” said Cory.

Mr Krebs said the access granted by Lufthansa also allowed Cory to view “all future flights tied to that frequent flyer account”, change seats for the ticketed passenger, and even cancel any future flights.

Travel news blog The Winglet suggests blurring out sensitive information if you must upload a photo of your boarding pass to social media.

This includes the airline ticket number, record locator and barcode, as well as “any other identifiable information”.

Once your flight is over and you no longer have a need for the boarding pass, Mr Krebs suggests putting it in the shredder rather than simply throwing it away as the data stored in it can still be accessed.

Michael Palin's top 5 travel tips

Click here to see for yourself how much information you can get from your boarding pass barcode.

More information on airplane boarding passes and barcode standards can be found in this document by the International Air Transport Association (IATA).

Click here to view the latest travel offers, with Independent Holidays.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in