What info is stored in a boarding pass barcode? A lot.

|

What do you do with your used boarding pass after a flight or trip? If you typically just toss it in the trash on your way to baggage claim, that’s a bad idea. 

Barcodes and QR codes that are printed on airline boarding passes can contain a lot of information about the traveler, including personal details, future travel plans and frequent flyer account information. And with that information, a scammer get access to a lot more.

What’s in a boarding pass

According to security website KrebsOnSecurity, someone can access the information stored in those codes with just an image of the boarding pass. After one of the site’s readers, referred to as Cory, told KrebsOnSecurity that when he noticed his friend posted a photo of his boarding pass on Facebook, he saved the image and started doing a little digging. With just that one photo, Cory found a website that could decode the data and instantly reveal a lot of sensitive information about his friend.

flight boarding pass contains personal info sensitive

“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key” for the Lufthansa flight he was taking that day,” Cory told the site. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”

Once Cory got access to his friend’s airline account, he could see his friend’s phone number, the name of the person who booked the flight and information about future flights. He could even cancel or change any future flights.

Read more: 7 safety travel tips to protect you and your wallet

And a thief would be able to find a lot more information than that. KrebsOnSecurity says that by using the frequent flyer account number — which is stored in the boarding pass code — a scammer could use the ‘Forgot PIN’ option on the airline’s website to gain more access. Answering a security question like ‘What is your mother’s maiden name?’ would only take a quick social media or Google search, and then the scammer is in — gaining access to, and control of, the entire account.

You can check out the standards for boarding pass barcodes from the International Air Transport Association (IATA) here. Get more from KrebsOnSecurity here.

Read more: 13 ways you may be exposing yourself to fraud every day

Advertisement

How to protect yourself

The best way to keep someone from getting your old boarding pass — and the information stored in it — is to shred it in a paper shredder.

And don’t share images of your boarding pass on social media or anywhere else on the Internet.

For more on how to protect your personal documents and files, check out Clark’s guide to record, paperwork and file keeping.


4 Best Travel Rewards Credit Cards Right Now - The best travel rewards credit cards! Compare the latest sign-up bonus offers to start earning free flights, hotel stays and more.

  • Show Comments Hide Comments