You probably aren’t flying much right now, which might be for the best. All those boarding pass pics you’ve posted to Instagram? Turns out, hackers love them.
Since at least 2015, scammers have seized on boarding pass barcodes that travelers have posted publicly — or tossed in the trash.
And most recently, a new victim really stepped in it: former Australian Prime Minister Tony Abbott.
Vacation pics are perilous
Back in March, when Abbott posted a photo of his boarding pass from the airline Qantas, an Australian blogger named Alex decided to experiment.
When logging in, Qantas only asks for 2 pieces of info from customers: your last name and your booking reference code.
Abbott’s booking code was printed on his boarding pass. When Alex entered the code, plus “Abbott,” he was in.
At first, most of the info seemed a little drab
Alex could see Abbott’s frequent flyer number and his flight times for Qantas.
But when Alex used a Google Chrome feature called “Inspect” to look over the back-end of Qantas, he hit a goldmine.
Two things were buried in the HTML: Abbott’s personal phone number… plus his passport. Yes, the private, government-issued passport number for the former Prime Minister of Australia.
Lesson being: Never post on Instagram.
Get the 5-minute roundup you’ll actually read in your inbox
Business and tech news in 5 minutes or less