So you’ve just booked the holiday of your dreams – and it involves at least one plane flight.
Before you know it, you’re at the airport, smiling through the obligatory departure gate photo and then following it up with a destination reveal – in the shape of the boarding pass Insta post.
You know the one. It’s a tried and tested composition – a freshly stamped passport rested on your knee or next to a glossy mag; with your shiny boarding pass poking out.
And then you click ‘post’ , discreetly displaying to all of your followers the getaway deets.
All that’s left to do is settle into your airplane seat, sit back, flick your phone into airplane mode and wait for those likes to come flooding in.
Seems pretty harmless, right?
But, the truth is, you’ve actually just taken a huge risk.
How?
Well, the barcode on your boarding pass, along with the QR codes, hold a lot of personally identifiable information.
If this is decoded or hacked – and falls into the wrong hands – your private details and travel itinerary are on full show.
In an experimental blog post with one of their loyal readers, Cory, KrebsOnSecurity zoomed in on a photo of Cory’s friends’ boarding pass barcode.
Turns out the process was way too easy, with Cory landing himself in a plethora of private information.
Sounds terrifying, hey?
‘I found a website that could decode the data and instantly had lots of info about his trip’, explained Cory. ‘Besides his name, frequent flyer number and other [private information], I was [also] able to get his record locator.’
Cory went on to explain how he was even able to obtain his friend’s phone number and the name of the person who booked the flight – all from the boarding pass.
If Cory’s inquisition wasn’t harmless, a malicious hacker might even have gone further and changed the boarding pass PIN number or cancel travel plans.
So with that, we’ll just be over here, quietly deleting those ID loaded Insta pixels.
In the way of announcing travel plans safely on social media, why not take a post out of these model citizens’ Insta-logs?