You may not believe it, but Tony Abbott is not that different from you or me. Like many of us, the former prime minister enjoys using social media to post about his life. But one of his recent posts may have revealed more than he intended.
On Wednesday, Australian hacker Alex Hope published a blog post claiming he could find Abbott’s passport number and phone number from an Instagram post the former prime minister made earlier this year.
The post? An image of Abbott’s Qantas boarding pass with a caption thanking the flight crew.
How did a boarding pass Instagram post reveal Tony Abbott’s personal information?
Hope said that one afternoon earlier this year, Abbott’s post was shared in a group chat with the request, “Can you hack this man?”
After doing some research, Hope said he used the booking reference number from the boarding pass and Mr. Abbott’s name to access Qantas’ Manage Booking page. The page showed his name, when the flight was, and his frequent flyer number.
But this is where it gets interesting. Hope claims that by inspecting the page’s HTML (which is easy to view in any web browser) he was able to read Abbott’s passport number, phone number, and employee comments on his specific seat requests and a fast lane
For the past six months, I’ve been secretly participating in the Do Not Get Arrested Challenge 2020. https://t.co/OCvJKODTTZ pic.twitter.com/cnx4Bnj7cp
– “Alex” (@mangopdf), September 16, 2020
Hope goes on to recount his efforts to contact Abbott, Qantas, and the government about how he was able to access this information.
Qantas and Abbott did not immediately respond to a request for comment.
Lessons from Abbott’s boarding pass Instagram post
Hope told Gizmodo that while the story focuses on Abbott, he hopes people will see the need to be careful about what they post online.
“The PSA is ‘boarding passes are secret, like passwords, so don’t post them’,” he said.
He was also surprised at how difficult it was to actually report the exploit so that it could be fixed.
“Revealing the exposed passport number to the government was relatively easy,” said Hope. “But yeah, Qantas had big problems back then, they still are, so it was difficult to find the right person to talk to.”
Hope said that Qantas claims they fixed the bug – which is why he’s now made this public – but he has no way of knowing for sure. But he also hopes that his statement will encourage more people to look for such vulnerabilities.
“Hacking sounds so mysterious (not that there is anything in this post that resembles sophisticated hacking) so I want people to feel like they can, too,” he said.