RELATED: Never Forget to Do This After Takeoff, Flight Attendant Warns. One of the most exciting parts about travel can be when you’ve cleared through security and you’re passing time in the terminal before boarding your flight. Often, this also provides the perfect opportunity to update your social media feeds with a quick snapshot to announce your pre-trip bliss to your friends and family. But according to experts, you should never use your phone to post a picture of your boarding pass online.ae0fcc31ae342fd3a1346ebb1f342fcb While it may look like random numbers and letters, your ticket contains very sensitive information that you wouldn’t want to fall into the wrong hands. “Many airlines use only the data on the boarding pass, specifically the confirmation code and last name to allow full access to your online account,” Mark Scrano, an information security manager at cybersecurity firm Cobalt, told Condé Nast Traveler. “These can be abused to access your personal data that is stored by the airline.” And it’s not just the written information that should be your only concern. Even if you obscure your name, confirmation number, and flight number, hackers could still glean your sensitive data from any barcode or QR code on your printed or digital ticket. According to privacy researcher Bill Fitzgerald, you should always assume that any scannable code “has information about you and your stuff and where you’re going,” even if that information is “going to vary barcode by barcode, airline by airline,” he tells Condé Nast Traveler. “It’s good information that could be used in any type of identity theft or a targeted hack,” he warns. “So if you’re concerned about having your identity stolen, it’s a really simple step to take, to not share barcodes in any way, shape, or form.”
RELATED: For more up-to-date information, sign up for our daily newsletter. As if avoiding having your identity stolen weren’t reason enough to avoid posting a photo of your boarding pass, there’s also the possibility that hackers could seriously mess up your travel arrangements. During an exercise in 2019, Noam Rotem, an Israel-based security researcher, discovered a flaw in the Amadeus online booking system used to pass information between 200 major airlines, booking websites, and travel agents, Popular Mechanics reports. In this case, he could get the six-digit code used on boarding passes and luggage tags known as a passenger name record (PNR) by manipulating the code used to communicate between the booking system and the airline El Al. “Just by guessing PNRs, I was able to access personal data and change contact details of customers,” Rotem wrote in a blog post for security website Safety Detectives. “This was confirmed by both El Al’s VP and the Amadeus team.” From there, it was also possible to inflict serious damage on someone’s trip. The vulnerability allowed the team to “claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service,” he wrote. Amadeus says they have since repaired the security lapse, Popular Mechanics reports. Unfortunately, it’s not just potential scammers on social media who could be after your personal information. Even a used ticket carries sensitive data on it once you’ve arrived. After you land, experts suggest collecting all of your paper documents and holding off on throwing them out until you get home or to your hotel. Ideally, Fitzgerald says you should shred them like any other sensitive document before putting them in the trash. And while it may not be the most likely way your data is breached, experts say it’s still best to play it safe with your travel documents. “Is it catastrophic if these get into the wrong hands? Probably not,” Fitzgerald tells Condé Nast Traveler. “But with that said, if there’s somebody coming after [your information] specifically, don’t make it easier for them.” RELATED: This Is the Worst Place to Sit on a Plane, Flight Experts Say.
