What you don't know CAN (sometimes) hurt you
From the article:
Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key” for the Lufthansa flight he was taking that day,” Cory said. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked
The information contained in the boarding pass could make it easier for an attacker to reset the PIN number used to secure his friend’s Star Alliance frequent flyer account.
Fore more info:
http://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/
No comments:
Post a Comment