|
?:reviewBody
|
-
In early 2016, multiple web sites published breathless warnings about how social media users would never believe how dangerous it was to discard boarding passes. One such version reported: The travel-related warning was reminiscent of the widely-circulated stories about the hidden dangers of hotel key cards and helping fellow airport travelers by holding their water bottles. In this case, the viral boarding pass items were mostly sourced from a far less alarmist source, a KrebsOnSecurity article from October 2015. The author of that piece explained that he had heard from a longtime reader, who said he began to get curious about the data stored inside a boarding pass barcode after a friend put a picture of his boarding pass up on Facebook, before going on to document a complex series of steps he used to test his hypothesis: The KrebsOnSecurity article described a process that was both time-consuming and laborious, and provided little information that would be truly useful to potential thieves. For example, the risks cited involved not the draining of bank account, but the potential resetting of the PIN used to access frequent flyer miles. After what appeared to be a moderate to intensive effort, all the information extracted in the provided example was described as the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights. Many such operations with online accounts require the user to answer one of more security questions, and the answers to those questions are not something a potential thief would be able to glean from a discarded boarding pass. The article hypothesized that thief might be able a to answer a simple security question such as What is your mother's maiden name? by gathering that information from a flyer's social media accounts. We contacted travel expert and consumer advocate Christopher Elliott for additional information on the claims, who noted in reply that the risks expressed were more hypothetical than actual: Like Elliott, we were unable to uncover any indication thieves were routinely (or even rarely) plumbing discarded boarding passes to steal anyone's personal information, and much of the sensitive information the warning cited was printed in plain text on the front of the boarding passes. A JetBlue representative provided us with additional information about how boarding pass QR or bar codes worked. The representative affirmed the encoded information approximately matched the text printed on the pass and did not contain other sensitive information (such as bank details). However, he noted that sharing boarding passes to social media while en route presented a marginal risk of hassle to some passengers (largely unrelated to the warning). A representative from Southwest Airlines also explained to us that no sensitive information was encoded into that carrier's boarding passes: Among information generally contained on a boarding pass was a traveler's confirmation code. Armed with a confirmation code and a passenger's ticketed name, mischievous individuals potentially possess the ability to cancel a ticket mid-journey. The Southwest rep confirmed that by and large that held true across the industry and advised travelers to be mindful when sharing their itineraries to social media.
(en)
|
![[This page as RDF]](http://data.gesis.org/claimskg/static/rdf-icon.gif){kind=icon}