Information on boarding pass barcodes poses personal security risk

Last Updated Oct 8, 2015 8:21 PM EDT

You probably don't realize it, but the data stored within the barcode at the bottom of your airline boarding pass can hold personal information that could be valuable to hackers, identity thieves or even stalkers.

In a post on his blog, computer security expert Brian Krebs suggested that you might want to shred your old boarding passes - and definitely resist posting pictures of them to social media, no matter how jealous it'll make your coworkers.

Krebs wrote that one of his readers, named Cory, took a screen shot of a friend's boarding pass that was posted to Facebook, found a free barcode reader online, uploaded the image and was able to glean a lot of private information. (There are a number of barcode scanner sites and apps; the one he used was from Inlite Research.)

"Besides his name, frequent flyer number and other (personally identifiable information), I was able to get his record locator (a.k.a. 'record key') for the Lufthansa flight he was taking day," Cory told Krebs. "I then proceeded to Lufthansa's website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see any future flights that were booked to his frequent flyer number from the Star Alliance."

In addition to records of the person's travel history, the barcode information also included the person's personal contact information.

What's the danger of having this data? Well, someone who comes across this information could alter travel plans - cancel a flight or change flight seats - and could reset the flyer's PIN number needed to access a frequent flier account, Krebs wrote. Details from this account could help determined hackers break into other ones, as well.

A person could also use it to find out where you live.

In a similar scenario in 2006, a writer for The Guardian named Steve Boggan essentially carried out Cory's barcode test on a boarding pass stub he found in a Heathrow airport trash can. He used the information from the crumpled piece of paper to access everything from the traveler's passport number to his date of birth. With this basic information, a quick Internet search led Boggan to find out the man's home address.

An easy way to prevent your information falling into the wrong hands is to use an electronic boarding pass to get to your gate. But even Krebs, who makes his living in the digital world, admitted on Twitter that he alway prints his out anyway, in case his phone dies and because there have been "too many cases where the digital pass didn't work or couldn't get to it in time."

So if you carry a paper pass when you fly, be sure to dispose of it safely - and don't Instagram it from the departures lounge.

  • Brian Mastroianni On Twitter»

    Brian Mastroianni covers science and technology for CBSNews.com