Former PM Tony Abbott posted his boarding pass photo publicly, exposing his booking reference.
The blogger read the booking reference, logged into Qantas’s Manage Booking page with it and Tony Abbott’s surname.
Using browser developer tools, they discovered Tony Abbott’s passport number, phone number, and internal Qantas staff comments.
The issue was reported responsibly to the Australian Signals Directorate, and legal advice confirmed no crime was committed.
Qantas was notified, and after several months they removed passport details from the public booking page.
Tony Abbott’s office was contacted, he personally thanked the blogger and gave permission to publish the story.
Takeaway: Boarding passes contain login credentials—do not post them online to protect your personal data.
Get notified when new stories are published for "🇺🇸 Hacker News English"