As reported by The Guardian, an Australian hacker obtained Tony Abbott’s passport details and personal phone number using a photo of a plane boarding pass the former prime minister posted on social media. The hacker Alex Hope managed to use a photo of Abbott posted on Instagram to reveal security flaws in the online check-in portal for Qantas.
With the increased use of social tools to \’post\’ about personal life and business communications, social media security is more important than ever. Everyone needs to be cautious about how much personal information they share, and this is an example of there being more information in a photo than might meet the eye. In this case, what was posted was used to access personal details and accounts though the booking reference that was in the image.
In order to limit the impact of these types of activities, users need to be aware of where valuable data might lie. As more people and businesses use social media, cybercriminals are finding more creative attack methods. Beyond this, there are two parties at fault here. Firstly you should never post tickets or identification documents online. There are simply too many ways in which a hacker can use basic OSINT or more complicated techniques to find further information. Secondly, there was clearly an issue with website security here as personal details such as phone or passport numbers should never be available through HTML in this way. In this case, it looks like the hacker in question alerted all parties in a responsible way, and the airline has been able to protect future customers as a result of this breach.
Few people realise the dangers of photographing seemingly innocuous information such as plane tickets and then posting it on social networks. Yet, as we have seen here, the internet can easily carve up personal details after a little trawling. Many airlines now require information such as a username and password to obtain more personal details, but there are still a number of providers where only the ticket reference from the boarding pass is needed to unravel the more private details on anyone who flies with them.
Many people now live their whole lives through social media and give little thought to the consequences of what might happen should personal data get into the wrong hands. We need to educate those users and remind them to think twice when posting sensitive information. Furthermore, information that seems trivial to them could just be the missing piece in the jigsaw to a cybercriminal.