Taiwan CERT Warns: Sharing Ticket Photos Online Risks Data Theft, Flight Alterations

Taiwan's Computer Emergency Response Team (CERT) is urging the public to exercise caution when sharing photos of flight tickets and concert passes online. The agency warns that these seemingly innocuous images can expose sensitive personal information, potentially leading to severe consequences.

According to the CERT, barcodes and QR codes on tickets contain vital data, including passenger names, booking reference numbers (PNR), flight details, and membership IDs. Malicious actors can exploit this information by scanning photos shared on social media. With just a name and booking code, they can access airline websites to alter flight schedules or even customize in-flight meals.

The risks extend to concert tickets as well. A compromised QR code can allow unauthorized individuals to enter events early or be resold at inflated prices. The original ticket holder could then be mistakenly implicated in scalping activities.

To mitigate these risks, the CERT recommends several protective measures. Primarily, avoid sharing photos of tickets altogether. If sharing is unavoidable, ensure that barcodes and QR codes are completely obscured. Physical methods, such as covering the codes with a hand or an object, are more effective than partial digital redaction, as QR codes have robust error correction capabilities that can still allow data recovery even when partially covered. After use, tickets should be thoroughly destroyed before disposal to prevent misuse.