12/12/2024
BOARDING PASS VULNERABILITIES
People tend to share their boarding passes on social media without realizing the risks involved. A quick search on Instagram for brings up over 140k results.
A boarding pass contains variety of personal information such as;
-Passengers Full Name
-Frequent Flyer Number(Linked to your loyalty account with the airline).
-Flight Number, Departure Date and Time, Seat Assignment, Class of Service...
-BOOKING REFERENCE(PNR) AND TICKET NUMBER
The PNR and ticket number on a boarding pass can be exploited in several ways:
Flight Changes: Hackers can modify your flight, change seats, or even cancel it using the PNR.
Access Personal Info: Your PNR links to personal details, including PASSPORT OR ID INFORMATION, which can be used for identity theft.
Travel Fraud: Cybercriminals may manipulate bookings or resell tickets
Airline systems are often vulnerable, and outdated security practices put passengers at risk.
In 2015, Australian Prime Minister Tony Abbott inadvertently revealed sensitive details about his boarding pass by posting a photo of it on social media. The image contained the booking reference (PNR) and other details, which a security researcher, Alex Hope, later used to demonstrate how such information could be exploited.
Reference: Darknet Diaries Episode 84, "Jet-setters".
Never share your boarding pass publicly—adjusting contrast or brightness can reveal hidden information even if it's been "blacked out."
BOARDING PASS VULNERABILITIES People tend to share their boarding passes on social media without realizing the risks involved. A quick search on Instagram for… | 56 comments on LinkedIn