You might think it's safe to throw an old airline boarding pass in the trash, but a new report shows that they can contain much more than your name and where you travel. According to security researcher Brian Krebs, the barcodes and QR codes printed on airline boarding passes can be used to pull your phone number and alter future travel plans.
Krebs claims that one of his readers was able to reverse engineer their frequent flyer number and plenty of other data by uploading a barcode from an old Lufthansa boarding pass to an online barcode decoder program. With just the personal information pulled from the barcode, the Lufthansa site granted access to view upcoming flights, change seating and cancel tickets for any trips tied to the frequent flyer number.
Going further, the personal information — your name, phone number and frequent flyer number — accessed from the barcode could even allow someone to reset the PIN number used to access the frequent flyer account. Krebs points out that the security question protecting the PIN from his reader was "What is your mother's maiden name," something he says could easily be found on social media.
Krebs’ reporting shows that Lufthansa isn’t the only airline that makes such data easily accessible; United Airlines (which is also on the Star Alliance program) also uses frequent flyer numbers as account access codes.
To protect your personal information and upcoming flights, we advise users shred their boarding passes after the flight is over. If you use an airline app on your phone to board, make sure to use delete that data from your device once you don't need it anymore.