4 Things I Wish I Knew Before Posting My Airline Boarding Pass Online

5 Tips To Stay Secure Online As A Digital Nomad
August 30, 2017
What You Need To Know About Steam Blocked in Malaysia
September 9, 2017
Show all

4 Things I Wish I Knew Before Posting My Airline Boarding Pass Online

Back in 2015, we wrote an article on the dangers of posting photos of your airline boarding pass online and just how much info the simple barcode and QR code carried.

Since then, I have become somewhat of a security and privacy warrior (and perhaps source of annoyance) to my friends by constantly reminding before they embark on trips to stop Instagramming shots of their boarding passes.

Although two years has passed since we first released that article, I found that many of my friends are still unaware of the depth of information available from those little black and white lines of barcodes.

While this may not be news to you, feel free to share this advice with THAT travelling friend you know who indulges in those humblebrag photos with their #blessed captions of their boarding passes.



One of the early extensive mentions of any privacy research pertaining to boarding pass barcodes was probably by KrebsonSecurity. Cory, a KrebsonSecurity blog reader, shared his investigation on this matter.

Cory only took a screenshot of a friend’s Lufthansa boarding pass that was posted to Facebook and uploaded it to a barcode reader online before he was able to gather a lot of personal information from the screenshot alone.

There are readily accessible free barcode scanners online. However BolehVPN chooses not to name the sites as they could potentially be used for **evil purposes**. However, all it takes on these barcode scanner sites is an image of the barcode to read all the data stored on it.



Information contained on an airline boarding pass (Source: KrebsOnSecurity)

What kind of information can be pulled from these photos of your boarding pass? A whole lot! This includes:

  • Full name
  • Frequent flyer number
  • Flight record locator
  • Current and future itineraries
  • Phone numbers
  • Last four digits of the credit card number



So you might be thinking, what’s the most a hacker could do even if they got hold of this basic information? After all, it is just simple info that could not be all that damaging, right?

Wrong. There are a variety of ways that the information stored on these barcodes could be more disruptive for you.

For instance, Steve Boggan a writer at The Guardian, detailed how from the information he gathered from a thrown out boarding pass, he did a quick Internet search which led him to even find the home address of the boarding pass holder.

Additionally, hacking into someone’s frequent flyer account would enable a hacker to redeem things like flights and gift vouchers. Travelling with a friend? A hacker would also be able to see all the passengers on that reservation.

Security researcher, Michal Špaček gave a talk at a conference in the Czech Republic how he was able to change the password for another friend’s United Airlines frequent flyer account, or with a six-digit booking code, was able to cancel future flights.

Travel blogger Ben Schlappig found himself in this unfortunate situation whereby a hacker looking to disrupt Schlappig’s travel expeditions, logged onto his accounts to cancel and alter his reservations two times just a few hours before he was set to check-in for long haul flights.



But did you REALLY go on your trip if you do not post that standard boarding pass and passport shot?

Well of course you did!

So how can you travel smarter the next time you are getting on a plane?

  • Do not throw your boarding pass in the trash can, or even if you do, shred it up before you dispose it. And don’t leave it in the backseat!
  • If an electronic boarding pass is allowed with your airlines, it is a good idea to use the mobile option instead of a printed one.
  • Treat your boarding pass like the key to your home. Posting photos of it online with all the travel details is like leaving your door wide open to alert others of your empty home. If you feel you must post a photo of your boarding pass before you fly, at least conceal not only your name but also its barcode.

Safe travels!

Leave a Reply

Your email address will not be published. Required fields are marked *