Have you ever pasted pics of your boarding pass online? Here’s why you shouldn’t.
Former prime minister Tony Abbott was taught a valuable lesson about travelling and social media this year after having his passport number and phone number hacked after making a common travel mistake.
The mistake is so common you might have done something very similar yourself at one stage or another. Once you discover the pitfalls, it is a mistake you will be unlikely to make again.
All Mr Abbott did was post a picture of his boarding pass to Instagram when travelling home from Japan in March.
That was all Australian hacker Alex Hope needed to secure Mr Abbott’s passport number, mobile phone number as well as conversations Qantas staff had about their dealings with the passenger.
In an entertaining blog post, Mr Hope detailed how he was able to use this information to reveal all the details necessary to commit identity fraud.
It should be noted that Mr Hope committed no crime with the information he gathered and in fact went to extraordinary lengths to notify Qantas and Mr Abbott about the potential security breach and waited until these holes were fixed before publishing his post, to ensure that others could not benefit from the information.
The important takeaway from the former PM’s mistake is that your boarding pass contains important and private information that you shouldn’t share online.
Mr Hope was able to use the booking reference number printed on the baggage receipt to log on to the Qantas website as Mr Abbott.
Once there, he was able to see all of the booking details and then look at the HTML coding of the site to discover his phone number and passport number.
Mr Hope spent months trying to contact Mr Abbott through the proper channels (even though he had secured his mobile phone number through illicit means) and eventually spoke to the former prime minister who was happy for him to publish his blog post, so that others could learn from his mistake.
“Mostly, he wanted to check whether his understanding of how I’d found his passport number was correct (it was). He also wanted to ask me how to learn about ‘the IT’,” Mr Hope wrote.
“He asked some intelligent questions, like ‘how much information is in a boarding pass, and what do people like me need to know to be safe?’, and ‘why can you get a passport number from a boarding pass, but not from a bus ticket?’.
“It’s, I suppose, a terrible confession of how people my age feel about this stuff,” Mr Abbott was quoted as saying.
“You could drop me in the bush and I’d feel perfectly confident navigating my way out, looking at the sun and direction of rivers and figuring out where to go, but this.”
Mr Hope wrote that he was impressed with Mr Abbott’s response to the incident.
“Back at the beginning, I was kinda worried that he might misunderstand, and think I was trying to hack him or something, and that I’d be instantly slam dunked into jail. But nope, he was fine with it,” Mr Hope wrote.
“[I] realised he just wanted to understand what had happened to him, and more about how technology works. That’s the same kind of curiosity I had.
“The point of this story isn’t to say ‘wow Tony Abbott got hacked, what a dummy’. The point is that if someone famous can unknowingly post their boarding pass, anyone can.”
Have you ever posted your boarding pass online when you travel? Did you know it was possible to glean so much information from your boarding pass? Will you be more cautious in future?
If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.
Join YOURLifeChoices, it’s free
- Receive our daily enewsletter
- Enter competitions
- Comment on articles