Why Posting Boarding Pass Photos Is a Bad Idea

Many people are blasé about posting photos that include personally identifiable information, but it’s a dangerous thing to do. If you can, set aside some time for a long, thoroughly entertaining read by the hacker known as “Alex.” You’ll learn how he figured out former Australian prime minister Tony Abbott’s passport number and phone number from an Instagram post Abbott made that included a boarding pass. That it was going to be a fun read became apparent early on, when Alex comments:

For security reasons, we try to change our Prime Minister every six months, and to never use the same Prime Minister on multiple websites. (Except Kevin Rudd, but that was one time and we were kinda going through some stuff. )

Alex walks the reader through exactly how he went from seeing a photo of Abbott’s boarding pass to figuring out that the Qantas website stored the traveler’s passport and phone number in the HTML code of the booking management page, readily accessible to anyone by right-clicking and choosing Inspect Element. Once he found this data, he started to worry about whether or not he had committed a crime, how to notify Tony Abbott of the situation, the best way to alert Qantas to the security breach (it’s fixed now), and if he could get permission to write about it.

Long story short, he achieved all this without going to prison. But seriously, read the post and think about what you upload for the world to see. Because the person who finds what you post might not be as ethical as the hacker known as “Alex.” 

Read original article