Former Australian PM Tony Abbott’s passport details and phone number obtained by hacker

As reported by The Guardian, an Australian hacker obtained Tony Abbott’s passport details and personal phone number using a photo of a plane boarding pass the former prime minister posted on social media. The hacker Alex Hope managed to use a photo of Abbott posted on Instagram to reveal security flaws in the online check-in portal for Qantas.

Experts Comments

September 22, 2020
Kelvin Murray
Senior Threat Research Analyst
Webroot
With the increased use of social tools to 'post' about personal life and business communications, social media security is more important than ever. Everyone needs to be cautious about how much personal information they share, and this is an example of there being more information in a photo than might meet the eye. In this case, what was posted was used to access personal details and accounts though the booking reference that was in the image. In order to limit the impact of these types of.....Read More
With the increased use of social tools to 'post' about personal life and business communications, social media security is more important than ever. Everyone needs to be cautious about how much personal information they share, and this is an example of there being more information in a photo than might meet the eye. In this case, what was posted was used to access personal details and accounts though the booking reference that was in the image. In order to limit the impact of these types of activities, users need to be aware of where valuable data might lie. As more people and businesses use social media, cybercriminals are finding more creative attack methods. Beyond this, there are two parties at fault here. Firstly you should never post tickets or identification documents online. There are simply too many ways in which a hacker can use basic OSINT or more complicated techniques to find further information. Secondly, there was clearly an issue with website security here as personal details such as phone or passport numbers should never be available through HTML in this way. In this case, it looks like the hacker in question alerted all parties in a responsible way, and the airline has been able to protect future customers as a result of this breach.  Read Less
September 16, 2020
Jake Moore
Cybersecurity Specialist
ESET
Few people realise the dangers of photographing seemingly innocuous information such as plane tickets and then posting it on social networks. Yet, as we have seen here, the internet can easily carve up personal details after a little trawling. Many airlines now require information such as a username and password to obtain more personal details, but there are still a number of providers where only the ticket reference from the boarding pass is needed to unravel the more private details on anyone .....Read More
Few people realise the dangers of photographing seemingly innocuous information such as plane tickets and then posting it on social networks. Yet, as we have seen here, the internet can easily carve up personal details after a little trawling. Many airlines now require information such as a username and password to obtain more personal details, but there are still a number of providers where only the ticket reference from the boarding pass is needed to unravel the more private details on anyone who flies with them. Many people now live their whole lives through social media and give little thought to the consequences of what might happen should personal data get into the wrong hands. We need to educate those users and remind them to think twice when posting sensitive information. Furthermore, information that seems trivial to them could just be the missing piece in the jigsaw to a cybercriminal.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts