Eric Auchard reports:
Major travel booking systems lack a proper way to authenticate air travelers, making it easy to hack the short code used on many boarding passes to alter flight details or steal sensitive personal data, security researchers warned on Tuesday.
Passenger Name Records (PNR) are used to store reservations with links to a traveler’s name, travel dates, itinerary, ticket details, phone and email contacts, travel agent, credit card numbers, seat number and baggage information.
The six-digit codes act as pincodes for locating travel records, albeit with vital differences that make them highly insecure compared with even the simple usernames and passwords that consumers use to access email or websites, the researchers said.
Read more on Reuters.