NORTH TEXAS (CBSDFW.COM) — Cyber security experts are warning of a troubling trend of passengers forgetting their airline boarding passes behind, or worse — posting them online.
That’s because the barcode on the boarding pass contains enough personal information to create havoc with a travelers plans.
“For barcode, you don’t need to be a hacker to get the information out of it,” said Dr. Murat Kantarcioglu, professor of Computer Science at University of Texas in Dallas. “A free barcode reader app can get a lot of information out.”
It may have information about your airline locator ID and your frequent flyer number.
Using a free app, the CBS 11 news team was able to scan an electronic boarding pass sent to us by a viewer.
Them team was able to determine the day of travel, the destination, seat number and a record locator number. They were also able to put all the pertinent information on the airline website and pulled up a full itinerary, along with the cost of travel and a frequent flyer number.
“That information for most airline is enough to retrieve an itinerary, you can even launch a simple attack by calling and masquerading as someone,” Kantarcioglu said.
Even though we were able to get the frequent flyer number, Kantarcioglu said it is not easy to get into someone’s frequent flyer account unless you are a professional hacker.
“Taking over your account using frequent flyer number would take additional steps and airline companies make it much harder,” he said.
He advises everyone to destroy their boarding pass as soon as the trip is over, not to leave it in the seat pocket and not post it on social media.
“Passengers should treat their boarding passes like any document that has personal information on it, since boarding passes already have their name on it,” a spokesperson for American Airlines said. “If a passenger is concerned about their privacy, they can use a mobile boarding pass on their phone or on the American Airlines app.”