Don't Share Photos of Your Boarding Pass
#1
Original Poster
Join Date: Jun 2004
Location: RDU
Programs: UA 1MM & *A Gold
Posts: 193
Don't Share Photos of Your Boarding Pass
Turns out that the bar codes on them are highly insecure and someone could take over your Mileage Plus account with an image of your boarding pass bar code.
http://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/
I used to share pics of my boarding passes now and again. I'm not doing that any more!
http://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/
I used to share pics of my boarding passes now and again. I'm not doing that any more!
#2
A FlyerTalk Posting Legend
Join Date: Apr 2001
Location: PSM
Posts: 69,232
The barcode contains the PNR, passenger name and FF# among other things. That alone is not enough to compromise an account - it doesn't have an email address or password in it - but it is a good start.
#4
Join Date: Dec 2004
Location: BOS<>NYC<>BKK
Programs: UA 4.3MM LT-GS; AA1MM; Amtrak SE; MAR LT TITAN; PC Plat; HIL DIA; HYA GLOB
Posts: 4,389
More importantly, with just your last name and PNR, anyone can access (and change or cancel) your reservation. It's all in plain-text -- no need to scan the bar code.
#5
Senior Moderator; Moderator, Eco-Conscious Travel, United and Flyertalk Cares
Join Date: Jun 1999
Location: Fulltime travel/mostly Europe
Programs: UA 1.7 MM;; Accor & Marriott Pt; Hyatt Globalist
Posts: 17,831
As this is not specific to United, please follow this in Travel Buzz.
l'etoile
UA moderator
l'etoile
UA moderator
#7
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,399
I'm not very happy about having to submit boarding passes for reimbursement because often my email is included on the request or can be found easily by anyone handling the documents.
One solution is multiple email accounts for different purposes, but this can be inconvenient. [Ask Hillary.]
One solution is multiple email accounts for different purposes, but this can be inconvenient. [Ask Hillary.]
#9
Join Date: Jul 2005
Location: PEK
Programs: A3*G, UA Gold EY Silver
Posts: 8,954
#10
Suspended
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,262
Turns out that the bar codes on them are highly insecure and someone could take over your Mileage Plus account with an image of your boarding pass bar code.
http://krebsonsecurity.com/2015/10/w...barcode-a-lot/
I used to share pics of my boarding passes now and again. I'm not doing that any more!
http://krebsonsecurity.com/2015/10/w...barcode-a-lot/
I used to share pics of my boarding passes now and again. I'm not doing that any more!
Good grief, anybody who has read a newspaper in the last 7-10 years knows better than to publish any details of anything as they can all be put together to cause problems.
#11
Join Date: Nov 2009
Location: 6km East of EPAYE
Programs: UA Silver, AA Platinum, AS & DL GM Marriott TE, Hilton Gold
Posts: 9,582
I was just reading this too. I always blur out or cut off photos of the bar code and PNR in a photo. You know what else you shouldn't do - leave you old boarding pass or ticket stub in the seat in front of you. Someone with a app can mess with your trip and you'd never know!
#12
FlyerTalk Evangelist
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT Titanium, AA LT PLT, UA SLV, Avis PreferredPlus
Posts: 31,004
That was my first thought also.
At least critical data and the bar code are obfuscated on these. Other than name, there's not much there. And given that he's publishing it on his blog, that's not exactly secret.
#13
Join Date: Jul 2005
Location: PEK
Programs: A3*G, UA Gold EY Silver
Posts: 8,954
My name is on those photos too - nothing to hide there.
#14
Join Date: Aug 2013
Location: DXB
Programs: EK, AA, DL, UA, SPG, HGP, Amex
Posts: 1,208
Some airlines are less secure than others...
For one sizable airline that I won't mention, a PNR and a last name gets you to the reservation (pretty standard) but also gives access to the personal details on that reservation with no masking (such as *'s or partial info only), including full name, contact info, nationality and even passport number!