Over 32 million passengers will be traveling by air over this week’s Thanksgiving holidays, in the U.S. This time of year is particularly heavy for travel but overall annual passenger numbers are growing exponentially, across the globe. Four billion people flew in 2017, a 7.3% over 2016 and 4.5 billion people have flown so far in 2019. A lot of us are flying.
No matter how you purchase that ticket to fly, you might well be using a paper boarding pass to gain access to the plane.
We see used boarding passes all over the airport – on the ground, in ash trays, stuffed into the seat pockets of the plane, in trash cans. Once in your seat, the boarding pass is just a useless piece of paper.
Well, think again. It may be useless to you but there are criminals who find a used boarding pass anything but.
A hacker doesn’t even need your boarding pass in hand, a picture will suffice and tens of thousands of pictures of boarding passes can be found online be in Facebook or Instagram. Posting (boasting?) in detail about that trip to Paris can reap unpleasant results. The name and flight information printed on the pass is nice, but the valuable trove of information is embedded in the barcode.
With a barcode reading phone app or web application one can scan the QR code from a boarding ticket to instantly get personal details including not just the passenger’s name and flight info but personal contact info, airline account number and the most useful email address. A temporary Passenger Record Number (PRN) is a common booking reference and can be used to get into a traveler’s’ frequent flyer account. That record may well include passport information. A hacker can change or cancel your flight, I guess just for fun. More likely and profitable is that a hacker can claim miles from boarding passes that are not associated with a frequent flyer program, for example.
The bottom line is to be vigilant with your personal data while traveling and keep it safe.