“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key” for the Lufthansa flight he was taking that day. I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”
This means one of your prankster Facebook friends could potentially change your seats, and cancel your flight, which is really not funny. Even worse, if the hacker happens to guess your security question, he/she could change your PIN. And that could lead to all sorts of other not-fun shenanigans for you.