Former Australian PM Tony Abbott has been hacked after posting a photo of his boarding pass onto social media platform instagram, where a hacker was able to access sensitive information of the former MP.
Before boarding a flight from Sydney to Tokyo on March 21st, the former PM posted a photo of his boarding pass to Instagram, where a hacker was able to uncover sensitive information in just 45 minutes.
The hacker in question, Alex Hope, says he attempted to contact Tony Abbott directly to inform him of the breach of his information.
“He was then able to log in to Mr Abbott’s booking and search through HTML code to find his passport number and phone number.”
According to a report from the BBC, “Mr Hope said he received a message from a friend daring him to hack the former prime minister as they had recently been discussing the dangers of posting your boarding pass online.”
Mr Hope was able to access sensitive information of the former prime minister after noticing the booking reference was printed on the boarding pass. With a combination of Mr Abbott’s last name and booking reference, Mr Hope was able to log on to Qantas’ booking system.
“He was then able to log in to Mr Abbott’s booking and search through HTML code to find his passport number and phone number. The code also included conversations with Qantas staff about Mr Abbott,” writes the BBC.
Mr Hope wrote on his blog that “I had Tony Abbott’s passport number, phone number and weird Qantas messages about him. I was the only one who knew I had these.”
He continued to explain that “anyone who saw that Instagram post could also have them. I felt like I had to like, tell someone about this. Someone with like, responsibilities. Someone with an email signature,” he said.
Mr Hope then contacted the Australian Signals Directorate to inform them of his actions, and how much information he had gained on the former prime minister, to which they thanked Mr Hope for alerting them, and initiated an investigation.
To find out more about an Information Security Management System like ISO 27001, Click Here for your Free Gap Analysis Checklist.
Mr Hope was able to get in contact with Mr Abbott’s assistant, who said that the former PM had been notified of the data breach, and had already taken steps to obtain a replacement passport. A spokesperson for Tony Abbott has told SBS News that “Mr Hope brought this issue to the attention of the relevant bodies earlier this year and it has since been resolved.”
The two reportedly had a conversation about the basics of cyber security, with Mr Hope claiming that Tony Abbott asked whether or not there was “a book about the basics of IT.”
“He asked some intelligent questions, like ‘how much information is in a boarding pass, and what do people like me need to know to be safe?’ as well as ‘why can you get a passport number from a boarding pass, but not from a bus ticket.”
“The point of this story isn’t to say ‘wow Tony Abbott got hacked, what a dummy… the point is that if someone famous can unknowingly post their boarding pass, anyone can,” Mr Hope added.
Qantas has said that its IT team patched the potential vulnerability in its network back in July, thanking Mr Hope for bringing it to their attention.
“Our standard advice to customers is to not post pictures of the boarding pass, or to at least obscure the key personal information if they do, because of the detail it contains,” Qantas said.
Don’t forget to check our News page for the latest industry-relevant news, how-to guides and ISO-explainers