This is just incredible. It turns out that the booking references (usually 6 digits) used for all flights around the world can be used to access much more private information for travellers. These codes can be read from for example boarding cards, of which there are plenty posted on sites like Instagram. With a code and surname, the email address, mail address, phone number, frequent flyer number and other information can be accessed using weakly secured websites. It doesn't even need to be the airline the booking was made from, because they all accept and share the same booking codes.
The researchers showed that it was possible to find booking codes with open ended tickets, leaving the possibility of someone getting a free flight by changing the booking.
The airline booking systems are in need of a major overhaul, but the airlines clearly don't care enough right now. Hopefully this is a catalyst for change.
This is just incredible. It turns out that the booking references (usually 6 digits) used for all flights around the world can be used to access much more private information for travellers. These codes can be read from for example boarding cards, of which there are plenty posted on sites like Instagram. With a code and surname, the email address, mail address, phone number, frequent flyer number and other information can be accessed using weakly secured websites. It doesn't even need to be the airline the booking was made from, because they all accept and share the same booking codes.
The researchers showed that it was possible to find booking codes with open ended tickets, leaving the possibility of someone getting a free flight by changing the booking.
The airline booking systems are in need of a major overhaul, but the airlines clearly don't care enough right now. Hopefully this is a catalyst for change.