Tech Made Simple

Hot Topics: Enter Our Apple HomePod Mini Giveaway | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Your Boarding Pass Barcode Holds a Lot of Personal Data

by Elmer Montejo on October 07, 2015

Your seemingly harmless boarding pass actually reveals a lot more about you than what is printed on it in plain English. Data thieves can learn your frequent flier number, personal data associated with your account and details about your upcoming flights just by uploading a photo or screenshot of the barcode or QR code to Online-Barcode-Reader.

Security researcher Brian Krebs warned about the boarding pass issue after a longtime reader of the KrebsOnSecurity blog came out with step-by-step details on how he was able to access someone’s personal information using only a Facebook photo of a boarding pass as a starting point. The photo showed the boarding pass barcode, which the barcode reader site was able to decode.

Aside from gaining access to personal data and frequent flyer numbers, data thieves could also easily dig up your record locator and use that to access your entire account. Having done that, the hacker could see your phone numbers, future flights booked under your frequent flyer number, names of people who booked your flights and more. The data thieves could alter your seating choices, cancel your flights or even reset your security PIN.

Data and identity theft is big business these days. It’s not just your flight boarding pass that potentially exposes your personal data to possible attackers. With barcode- or QR-code-derived personal data plus publicly accessible information such as social network profiles and relationships, thieves could dig deeper into your accounts. Thieves can get past common security questions such as “What is your mother’s maiden name?” by looking up possible answers through your social network profiles.

Careful fliers should burn or shred used boarding passes to prevent data compromises, so that data thieves cannot use them as a boarding pass to personal data and accounts. If you don't have a shredder at home, check out our favorite heavy-duty home shredder, the Swingline Stack-and-Shred 100x

[Image credit: Airline ticket, passport and electronics, preparing to travel via Shutterstock]

Topics

Travel, News, Internet & Networking, Blog


Discussion loading

gravatar

From illy junus on October 08, 2015 :: 10:57 am


I never know that…thank you for the post, from now on i’ll be very careful

Reply

gravatar

From Lee Enrile on October 08, 2015 :: 12:01 pm


The personal details on the barcode are nothing different than was was on the old fashioned boarding passes. Namely your name, PNR, flight, frequent flyer number, maybe elite status, ticket number. It’s the PNR and FF number that’s the key.

Your FF PIN or other passwords are NOT on the boarding pass barcode. However with the PNR you can do a lot of lookups. But that is NOTHING new with the barcode. All the barcode does is allow a machine to scan it so that it can find you faster.

And BTW you don’t need to upload the barcode to an website to decode it. A good app on your phone can do this and keep the data on your device.

Reply

Our Latest Reviews

New Articles on Techlicious

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.