Your name. Your frequent flyer number. Your passport number. Your personal contact information. Yep, that’s all embedded in the barcode on your boarding pass, just waiting for a nefarious character to pick it up and do something, well, nefarious with it, which could be anything from resetting your frequent flyer pin number to stealing your identity. Who knew?
The idea came up during a Q&A on a recent MeetingsNet webinar on cybersecurity, when an audience member asked session leader MaryAnne Bobrow, CAE, CMP, CMM, Bobrow Associates, whether using e-boarding passes could open you up to hacking. Bobrow did some digging, and found this article in The Guardian. It shows that, even back in 2006 when the KrebsOnSecurity blog post it talks about was originally posted, it was all too easy to find a free website that could decode that barcode and get all kinds of data, including the flyer’s name, frequent flyer number, and record locator. Armed with this info, it was equally easy to go to the airline’s website and get access to a flyer’s account, including his phone number and address.
From there, an identity thief would have all he needs to start taking over your life. Or possibly hold you for ransom. As Mark Murphy says in a CBS video clip, once someone knows your name and what flight you’re on, “They could meet you at the airport posing as your car service. Especially for executives, I would worry about that.”
But, in all my cyber-sluething for more information, it looks like electronic boarding passes are actually a pretty secure alternative to paper. As this CBS article says, “An easy way to prevent your information falling into the wrong hands is to use an electronic boarding pass to get to your gate.” But if you are like computer security expert Brian Krebs, whose blog post got this conversation rolling, you want that piece of paper just in case your phone battery runs out at the worst possible moment.
So here’s your PSA for today: Don’t just toss out your paper boarding pass. To be safe, shred it, burn it, or otherwise dispose of it just as you would a credit card application that comes to your house unsolicited (and if perchance you’re not shredding those, it’s time to start).