The boarding-pass hack that hit Australia’s former prime minister

Maybe don’t upload your boarding pass to Instagram.

You probably aren’t flying much right now, which might be for the best. All those boarding pass pics you’ve posted to Instagram? Turns out, hackers love them.

The boarding-pass hack that hit Australia’s former prime minister

Since at least 2015, scammers have seized on boarding pass barcodes that travelers have posted publicly — or tossed in the trash.

And most recently, a new victim really stepped in it: former Australian Prime Minister Tony Abbott.

Vacation pics are perilous

Back in March, when Abbott posted a photo of his boarding pass from the airline Qantas, an Australian blogger named Alex decided to experiment.

When logging in, Qantas only asks for 2 pieces of info from customers: your last name and your booking reference code.

Abbott’s booking code was printed on his boarding pass. When Alex entered the code, plus “Abbott,” he was in.

At first, most of the info seemed a little drab

Alex could see Abbott’s frequent flyer number and his flight times for Qantas.

But when Alex used a Google Chrome feature called “Inspect” to look over the back-end of Qantas, he hit a goldmine.

Two things were buried in the HTML: Abbott’s personal phone number… plus his passport. Yes, the private, government-issued passport number for the former Prime Minister of Australia.

Lesson being: Never post on Instagram.

Related Articles

Get the 5-minute news brief keeping 2.5M+ innovators in the loop. Always free. 100% fresh. No bullsh*t.