Tony Abbott, Australia's former Prime Minister, found himself in quite an embarrassing situation recently. Following a Qantas flight from Tokyo to Sydney, the former PM posted a photo of his boarding pass, thanking the crew for the flight. Just 45 minutes later, a hacker managed to use the boarding pass to gain access to Mr. Abbott's details, including passport and mobile number. So what exactly happened? Here's why you should never post your boarding pass online!

What happened?

The story began in late March when the former PM posted a picture of his boarding pass on Instagram. He posted the photo (of his boarding pass and baggage receipt) to thank the crew of QF26 from Tokyo to Sydney on 21st March. The post has since been deleted, but not before an interested hacker got a look at it.


In a blog post, Alex Hope, the man behind the hack, talked about how one of his friends sent him the Instagram post and challenged him to hack into the details. However, Mr. Hope quickly realized he didn't need to do any "hacking": the booking reference number was printed on the baggage receipt (blurred out in the above photo).

After heading to the Qantas website and entering the reference number and the former PM's last name, lo and behold, he had access to the PM's name, flight details, and frequent flier number. Clearly, this was a security breach, but one brought about by Mr. Abbott's own mistake. However, Mr. Hope quickly found another flaw in Qantas' website.

Security flaw

Until now, Alex Hope had managed to access only the former PM's basic details. However, out of curiosity, the hacker decided to look at the web page code of the Qantas 'Manage Booking' website. Using the 'Inspect Element' feature in Google Chrome (which shows the page's underlying HTML code), Mr. Hope searched for the word "passport".

The Qantas website had a lot more information than it may have intended to hold. Photo: Qantas

With this, Mr. Hope did not just find the former Prime Minister's passport number and mobile number. He also found communications between Qantas staff about the booking. This included notes such as "please seat in the last row window" and "requesting fast track for Mr. Abbott."

To sum up, the photo of Tony Abbott's boarding pass allowed Alex Hope to access his flight details, frequent flier number, passport number, mobile number, and staff comments about the booking. This had to be fixed quickly, at the very least by reducing the number of details available to anyone with your reference number and name.
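The flaw described above, data present in the page source but never shown on screen, can be caught with a simple regression check. The following is an added example, not code from Qantas or from Mr. Hope's write-up; the field names, the allowlist and every value in the sample record are constructed for illustration.

```python
import html
import json

# Constructed booking record; every value is made up for illustration.
BOOKING = {
    "reference": "ABC123",
    "surname": "EXAMPLE",
    "flight": "QF26",
    "frequent_flyer": "FF0000000",
    "passport_number": "P0000000",
    "mobile": "+61 400 000 000",
    "staff_remarks": ["please seat in the last row window"],
}

# Assumption: the only fields the booking view is meant to display.
VIEW_FIELDS = ("reference", "surname", "flight", "frequent_flyer")


def render_overexposed(booking):
    """Weak pattern: the whole record is serialised into the page source."""
    shown = "".join(
        f"<li>{html.escape(str(booking[name]))}</li>" for name in VIEW_FIELDS
    )
    blob = html.escape(json.dumps(booking))
    return f'<ul>{shown}</ul><div hidden data-booking="{blob}"></div>'


def render_minimal(booking):
    """Hardened pattern: project onto the allowlist before rendering."""
    view = {name: booking[name] for name in VIEW_FIELDS}
    shown = "".join(f"<li>{html.escape(str(v))}</li>" for v in view.values())
    return f"<ul>{shown}</ul>"


def leaked_fields(page, booking):
    """Names of non-view fields whose values appear anywhere in the page."""
    leaked = []
    for name, value in booking.items():
        if name in VIEW_FIELDS:
            continue
        values = value if isinstance(value, list) else [value]
        if any(html.escape(str(v)) in page for v in values):
            leaked.append(name)
    return sorted(leaked)
```

Running `leaked_fields` against rendered pages in a test suite flags any response that carries passport numbers, phone numbers or staff remarks the view never displays.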

No ill intentions

Soon after realizing what he had managed to access, Mr. Hope did the right thing and reported the issue to Tony Abbott's office and the Australian Cyber Crime division. He also reached out to Qantas' security team, who forwarded the complaint to their booking software partners.

Qantas upgraded its security software after nearly five months, according to Mr. Hope. Photo: Getty Images

After nearly five months of following up, Qantas finally confirmed that they fixed the issues. However, Mr. Hope says he had one more surprise call, this time talking to the former Prime Minister himself, to whom he explained how much sensitive information a boarding pass contains.

The takeaway from this story is simple: don't post your entire boarding pass, no matter how exciting the trip! Even if you do decide to post a picture, be sure to remove the barcode, reference number, and any personal details you don't want the internet to know.

Mr. Abbott has since requested a new passport and may have changed his phone number (despite the hacker never actually calling it). I would also highly recommend reading Mr. Hope's detailed account of the entire incident, which is quite humorous and informative.
