I have been flying quite a bit, to the point that I never give a second glance to the boarding pass I am given at check in. And once the flight is over the boarding pass goes in a trash bin.
Well, I have to say I was surprised by reading an article on KrebsonSecurity on the risk hidden in a "boarding pass". The QR code (or Barcode) contains name, flight number, frequent flier number, record locator plus few more data depending on the airline...
If someone gets your Boarding Pass once you drop it, or just take a photo with his cell phone, he can send its image to a website like Clearimage Barcode and get the information hidden, instantaneously.
Well, now he has got your name and record locator. With this information with just a few clicks on the airline website he can get your complete trip itinerary, and also the next flights you have already booked with that airline.
He can also see the additional information linked to that reservation, such as the phone number to call in case of emergency, or the person who booked the flight.
He could also change your seat, even cancel your next flight. He can use the information to reset your PIN and with the new one he could book flights for himself using your miles... (resetting the PIN would require ... the PIN, but you can pretend you forgot it and the airline will prompt you with a question like "what is your mother maiden name, and quite often it is not difficult to retrieve that information by googling and looking at social networks...).
Isn't this scaring? I am glad that I am now using mostly electronic boarding passes on my cell phone.
Interestingly, the article is based on a curiosity of a person that got the photo of the boarding pass of one of his friend who posted it on Facebook. It shows how much personal information we are presenting to the world without even being aware of it!
The data economy is just going to increase the threats along with the opportunities. The problem is that opportunities are like honey for a fly, but honey is also attracting bears...