Former Aussie PM’s Passport Details and Phone Number Obtained by Hacker Following Social Media Post

Former Australian Prime Minister Tony Abbott’s passport details and personal phone number were obtained by a hacker, it has been reported.

Writing on his personal blog, Australian hacker Alex Hope outlined that he was able to gain this sensitive information after Abbott posted a picture of his boarding pass back in March 2020 on the social media site Instagram. Hope said he was able to log in to Abbott’s online booking page with Australia’s national airline carrier Qantus, by typing in the reference number displayed on the boarding pass.

He then gained Abbott’s passport and phone number, as well as staff comments about the former Prime Minister’s seat requests, by using the page’s HTML code. 

However, Hope did not reveal these details, and instead took steps to firstly inform the Australian government of what he had done and then Qantus regarding the flaw on the booking page that enabled these details to be accessed. Following initial correspondence, the latter informed Hope five months later that the bug in question had been fixed.

Hope was eventually also able to contact Abbott’s staff, who informed him that they were aware of the situation and were in the process of getting a new passport for the former PM.

Abbott himself, who has recently been appointed as an official UK trade advisor, then phoned Hope to discuss the incident, requesting more information about how it occurred.

Quoted in The Guardian, a spokesman for Abbott said: “Mr Hope brought this to the attention of relevant bodies earlier this year, and it has since been resolved.”

Commenting on the story, Jake Moore, cybersecurity specialist at ESET, said: “Few people realize the dangers of photographing seemingly innocuous information such as plane tickets and then posting it on social networks. Yet, as we have seen here, the internet can easily carve up personal details after a little trawling. Many airlines now require information such as a username and password to obtain more personal details, but there are still a number of providers where only the ticket reference from the boarding pass is needed to unravel the more private details on anyone who flies with them.

“Many people now live their whole lives through social media and give little thought to the consequences of what might happen should personal data get into the wrong hands. We need to educate those users and remind them to think twice when posting sensitive information. Furthermore, information that seems trivial to them could just be the missing piece in the jigsaw to a cyber-criminal.”

What’s Hot on Infosecurity Magazine?