So you're all set for your #adventure. Just have to upload a quick pic of your boarding pass, and your suitcase, and maybe your comfortable travel shoes, onto Facebook to make everyone jealous. Except, don't do the boarding pass. Unless you like getting your personal information stolen.
The blog KrebsonSecurity recently published a story on just how much personal info is held in the barcode of your boarding pass. Turns out, it's a lot. One of the blog's readers tested out this site, which allows anyone to grab all that info from an uploaded picture of a barcode. Here's what the reader found out:
“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key” for the Lufthansa flight he was taking that day. I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”
This means one of your prankster Facebook friends could potentially change your seats, and cancel your flight, which is really not funny. Even worse, if the hacker happens to guess your security question, he/she could change your PIN. And that could lead to all sorts of other not-fun shenanigans for you.
So, other than boarding pass pics being pretentious bragfests, they're also a security threat. Stop posting them.
Sign up here for our daily Thrillist email, and get your fix of the best in food/drink/fun.
Kara King is a News Writer at Thrillist and has posted a boarding pass before. Send news tips to firstname.lastname@example.org and follow her pretentious tweets at @karatillie.