
Where in the World Is Carmen Sandiego? Becoming a Secret Travel Agent [video] - jc4p
https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carmen_sandiego
======
sleavey
This is just incredible. It turns out that the booking references (usually 6
digits) used for all flights around the world can be used to access much more
private information for travellers. These codes can be read from, for example,
boarding cards, of which there are plenty posted on sites like Instagram. With
a code and surname, the email address, mail address, phone number, frequent
flyer number and other information can be accessed using weakly secured
websites. It doesn't even need to be the airline the booking was made from,
because they all accept and share the same booking codes.

The researchers showed that it was possible to find booking codes with
open-ended tickets, leaving the possibility of someone getting a free flight by
changing the booking.

The airline booking systems are in need of a major overhaul, but the airlines
clearly don't care enough right now. Hopefully this is a catalyst for change.

