A Krebs on Security expose finds that the bar codes on boarding passes contain a wealth of sensitive information that might leave passengers vulnerable.
In the wrong hands, a boarding pass may provide more information than just flight numbers and seating assignments. The scannable Quick Response (QR) code that nearly every airline uses on boarding passes can expose a wealth of sensitive information about passengers to just about anyone with a little bit of knowhow.
An investigative report by Krebs on Security found that a surprising amount of personal information can be linked to the small scannable square printed on most airline tickets. According to the report, investigators were able to obtain personal information including future travel itineraries, frequent flyer account details and contact information, simply by scanning used boarding passes into an easy-to-find site on the internet.
The data obtained from the bar code of a used boarding pass, in some cases, could allow a complete stranger to control a passenger’s frequent flyer accounts, including Star Alliance accounts, canceling future travel or even booking reward travel without consent of the account holder.
Security experts say even more troubling is the personal information hidden on boarding pass QR codes that could provide identity thieves with the tools to gain control of accounts, reset pins and obtain fraudulent accounts in a passenger’s name.
There are a number of free websites and apps, including the Inlite Research Free Barcode Reader, that can give flyers an idea of just how much information about them is hidden in the scannable code on their boarding pass. In some cases, the barcode holds no more information that the plain text printed on the boarding pass, but in many more cases, printed tickets hold much more information than what is simply printed on the ticket.