You’ve booked your holiday flights and hotel, you’ve even checked in online and printed off your boarding pass.

The next obvious thing to do is to post on social media – a quick snap with your boarding pass for Instagram?

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

No, holidaymaker, not so fast.

SureCloud is warning travellers that barcodes on boarding passes can be read by hackers, letting them steal personally identifiable information and even gain access to customers’ accounts with airlines and make changes to bookings.

Hackers can use barcode scanning mobile apps easily downloaded from app stores to get personal data like names, document verification numbers and airline frequent flyer account numbers from a social media image.

Researchers from SureCloud even obtained a volunteer victim’s driving licence number, home address, middle name and date of birth from an image.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

And right now there are more than 108,500 posts on Instagram with #boardingpass, signposting the hackers to possible victims.

There were over 200 new #boardingpass posts made in the last week alone, creating nearly 900,000 impressions and gaining over 13,000 likes.

#boardingpass at your own risk

SureCloud’s Cybersecurity practice director, Luke Potter said:  “Posting photographs of boarding passes on social media is a popular trend.

“Although some users obscure printed details such as their full name, users commonly leave the barcode on display, thinking it can only be scanned at the airport, but anyone can easily scan the code themselves to extract data, even from an image posted on social media.

“Depending on the airline, if the barcode is scanned before a flight it can also be used to make changes to bookings. Passengers should be aware that the barcode on the pass can be scanned from an image and can still be used many months after the holiday is over so it should never be shared or discarded without care.”

Hyatt hack

You’ve arrived safely on the other side, and been careful to dispose of your used boarding pass appropriately because the hard copy can be just as easily used in a hack.

But there are more cybersecurity risks at your luxury lodgings.

Big name hotels like Sheraton, Radisson and Hyatt that use an Assa Abloy locking system were hacked, again only by researchers, reported The Telegraph in April 2018.

Cybersecurity company F-Secure managed to create a master key that gave them entry to every room at the inn.

The team put in many years and hours of work to find exploitable loopholes in the locking system, leading to the hack.

They used one key card and a cheap piece of hardware combined with a custom-built software to read the card and find the master key code.