When Tony Abbott posted a picture of his boarding pass on Instagram, he was doing something that many of us have been guilty of, before we were all locked inside the country anyway.
Now, in a warning shot for braggy Aussies posting airport pictures on social media, it has been revealed it took just 45 minutes for hackers to get the former Prime Minister’s private details from the seemingly innocuous post.
Australian tech expert Alex Hope said he was able to obtain Mr Abbott’s phone number and passport details from the Instagram post in March.
“A big thank you to all the team on QF26 from Tokyo. Hope to see you flying again soon!,” Mr Abbott captioned the photo, which has since been deleted.
Mr Hope said he took up the challenge to hack a former Prime Minister after a friend in his group chat posted the image from Mr Abbott’s Instagram account and dared him: “can you hack this man?”.
Tony Abbott posted the picture back in March. Picture: InstagramSource:Twitter
The self-described “hacker” said he simply used the details from the image on Mr Abbott’s Instagram to log into Qantas’ booking page.
He was able to read the HTML code and find Mr Abbott’s phone number and passport number.
In a blog post, he said he tried for six months to alert Mr Abbott to what had happened.
“I had Tony Abbott’s passport number, phone number, and weird Qantas messages about him. I was the only one who knew I had these,” he wrote.
“Anyone who saw that Instagram post could also have them. I felt like I had to like, tell someone about this. Someone with like, responsibilities. Someone with an email signature,” he added.
Mr Hope said he tracked down Mr Abbott’s personal assistant down after many months of trying. He then had a quick chat with Mr Abbott one-on-one.
“Mostly, he wanted to check whether his understanding of how I’d found his passport number was correct (it was). He also wanted to ask me how to learn about ‘the IT’,” he said.
“He asked some intelligent questions, like ‘how much information is in a boarding pass, and what do people like me need to know to be safe?’, and ‘why can you get a passport number from a boarding pass, but not from a bus ticket?’.
“The answer is that boarding passes have your password printed on them, and bus tickets don’t. You can use that password to log in to a website (widely regarded as a bad move), and at that point all bets are off, websites can just do whatever they want.”
Mr Abbott has recently been appointed as a British trade envoy in Boris Johnson’s Conservative government. Picture: Mark Graham / AFPSource:AFP
He also claims in his blog that after informing Qantas in March, the airline company told him they fixed the bug in July.
The hacker said he hoped the incident would make people think twice about what they post to social media.
“The point is that if someone famous can unknowingly post their boarding pass, anyone can,” Mr Hope wrote.
Qantas say they have tightened their protocols and continue to urge passengers to keep their booking details private.
“Our standard advice to customers is to not post pictures of the boarding pass, or to at least obscure the key personal information if they do, because of the detail it contains,” a spokesperson said.
Mr Abbott has since been issued a new passport number.
trending in travel
Source: Read Full Article