What could possibly be dangerous about an airline boarding pass? It just has your name and destination on it, right? Unfortunately not, according to cybersecurity researcher Brian Krebs.
Krebs writes on his blog, KrebsOnSecurity, that one of his longtime readers saw a friend post a photo of one of his boarding passes on Facebook, including the barcode on it. The reader took a screenshot of the barcode on his friend's website and uploaded it to the ClearImage Barcode Reader site. What he discovered shocked both him and Krebs.
Just by decoding the barcode, which anyone can do online, the reader discovered his friend's personal information along with his frequent flyer number for Star Alliance, an organization comprised of 27 airlines. The barcode also revealed his friend's "record key" for the Lufthansa flight, and that coupled with the frequent flyer number allowed him to view his friend's future flights, change seats for anyone affiliated with the frequent flyer number and even cancel flights booked on the account.
Krebs points out the precautions some airlines take with frequent flyer numbers - for example, United Airlines uses asterisks for all but the last three numbers on any correspondence and on boarding passes, but the barcode reveals the number when decoded. This is obviously information you don't want to share with the whole world, so next time you fly, be sure to destroy your boarding pass afterward.
This is just one tip for securing your personal information in the digital world. For more, visit our Komando.com Security Center, and check back often to our Happening Now page for all the latest news on security vulnerabilities, hacks and everything digital.