Skip to main content

Why posting photos of your boarding pass is a terrible idea

Ah, travel. Remember travel?

Travel was when we used to go “other places,” in a time when the U.S. wasn’t literally banned from the rest of the world. And often, when preparing to travel, we used to post pictures to social media of our boarding pass to show off to our friends and — more importantly — anonymous internet strangers.

Recommended Videos

Turns out this is and has always been a terrible idea because the internet is dark and full of hackers. Or in this case, a person in Australia who knows how to access the “inspect element” option on a website’s drop-down menu and used it to hack personal details from the country’s former Prime Minister.

Please enable Javascript to view this content

"So you know when you’re flopping about at home, minding your own business, drinking from your water bottle in a way that does not possess any intent to subvert the Commonwealth of Australia?"https://t.co/OCvJKODTTZ

— “Alex” (@mangopdf) September 16, 2020

As chronicled in an extremely hilarious blog post, complete with YMCA background music, Alex Hope, a hacker and blogger based in Australia, detailed his odyssey of kind-of-accidentally-on-purpose discovering the passport and phone numbers of former Australian Prime Minister Tony Abbott.

It all started when Abbott posted a picture on Instagram of his boarding pass in March, in which the booking reference number is clearly visible (the photo has since been removed, because duh).

Turns out, as Hope discovered, you can easily log in to certain airline websites using just this information: A last name and a booking reference. And voilà, Hope got his hands on the rather sensitive information of the major Australian diplomat, including what the airline was saying about Abbott, his phone number, and his diplomatic passport number.

This sent Hope down a wormhole of government email addresses and telephone numbers, trying to inform the powers-that-be that he had rather easily snagged this information and that it was a problem. In the end, Hope said officials corrected the issue.

When reached for comment, Hope confirmed to Digital Trends that he wasn’t a professional white-hat hacker, and the blog was basically just a fun side project, but that he does work in computer security professionally.

“I didn’t have to use any like, actual computer knowledge for this,” he told Digital Trends over Twitter. “But doing this kind of thing for work did get me in the useful habit of recording my screen whenever I’m about to do a crime.”

Making yourself an easy target

While Hope’s story is the latest (and currently, funniest) documentation of how this kind of identity theft works, it’s been a known problem for a while.

Hope’s hack was fairly low-tech (a simple right-click will do it), but there are websites out that that can also fully scan a boarding pass bar code simply through the picture, according to Reader’s Digest.

In 2017 and 2018, both Forbes and the tech blog Null-Byte pointed out that while some bad actors will go so far as to “socially engineer” (aka phish) information out of people, a simple search of #boardingpass on Instagram will yield thousands of potential targets. Even if a bar code or a booking reference aren’t forthcoming, just a frequent flyer number will work. Even Google Images indexes boarding pass pictures.

It doesn’t take much to get people’s personal information and screw up their lives via identity theft. So don’t let vanity — or a compulsive desire for social media validation — will be your downfall. Stop posting pictures of your boarding passes. Or at least obscure the important information if you must show off to your pals.

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Motorola Razr Plus (2025) could finally get its due processor upgrade
Someone holding the Motorola Razr Plus 2024, showing the back of the phone.

Motorola's flagship clamshell-style foldable, the Moto Razr Plus, is slated for a long-due upgrade in 2025. Latest rumors indicate the phone could get a top-tier Qualcomm chipset, unlike its predecessors that have stopped short of premium in the past.

According to a recent listing on the CPU benchmarking platform Geekbench (via PhoneArena), a device named "Motorola Razr Ultra" has cropped up with impressive CPU specs. That includes an eight-core CPU structure with two cores clocked at 4.32GHz and the other six at 3.53GHz.

Read more
Microsoft Edge Copilot now lets you share AI chats easily
Microsoft Copilot Pro.

Microsoft has added a new share button to Copilot in Edge, allowing users to share AI chat conversations with others more easily by creating a shareable link, as MSPowerUser reports. The update, available now, also expands the "Think Deeper" feature to all users, enhancing AI responses with deeper reasoning.

With this addition, Microsoft is making Copilot on Edge more like its website and mobile apps for a more consistent experience. For instance, on copilot.microsoft.com, you can chat with AI without signing up, similar to ChatGPT's web search. However, unlike Edge's side panel, the web version doesn't yet support sharing AI chats, but let's hope it does soon.

Read more
Microsoft sort of brings back Menu key after Copilot backlash
The Copilot key shown on a white keyboard.

After backlash over removing the Menu key, Microsoft is possibly bringing it back in a later build—partially—to Windows keyboards, restoring some of its lost functionality, as PhantomOfEarth mentions on X (via XDA Developers). This is possible because users can remap the Copilot key to serve the same purpose.

Microsoft might allow you to remap the Copilot key to open content menus, restoring the Menu key's original functionality. In October, Microsoft introduced limited remapping of the Copilot key, but it only worked for MSIX-packaged and signed apps, offering little flexibility. Now, Microsoft could expand its functionality to provide more freedom to what the key can do for users.

Read more