We’re all familiar with the various stages of planning a holiday.
First you book your flights and your accommodation, then you spend weeks getting excited before hitting a slump on your last night because you realise you have to pack. Then you get excited again and head for the airport.
You make sure you’ve got everything you need – money, passport, boarding pass. Then you do what every young person in their right mind would do: you brag about it on social media.
Usually this will involve a picture of your pint in the airport bar alongside your boarding pass as proof that, yes, you are going on holiday.
https://twitter.com/kyleSA01/status/729265145084530688
But it turns out that publicly posting a picture of your boarding pass is a big mistake.
Business Insider UK reported on a blog by a security analyst that warned: “Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.”
Using the example of a friend’s boarding pass that was posted on Facebook, the writer was able to access the guy’s record locator (that is the ‘record key’ for the flight he was taking that day), and could then use that info, along with his last name (encoded in the barcode), to gain entry to his whole account on the airline’s website.
Furthermore, this data breach on the airline’s site included the friend’s phone number, and the name of the person who booked the flight.
The blog also hosts this link offering further information about boarding pass barcodes, while this site will further explain your own barcode.
This is bad news for the thousands of people who have already posted pictures to Instagram with #boarding pass tagged, let alone the people who have done the same without tagging.
So the next time you’re in the airport, stick to the selfie with the pint.