Sorry if this is already elsewhere on the forums but I don't see it here:
The Guardian has a story on a guy who threw away his boarding pass (http://www.guardian.co.uk/idcards/story/0,,1766266,00.html) which had his name and FF number on. The Guardian's reporter picked it up and was able to book a flight in the guy's name and by inputting the FF number during the ticket purchase got his passport number etc. etc.
As a BA FF holder I am very annoyed if this is possible - I usually log in at the start of the process but would have expected entering an FF number later in a manner that would disclose information to require a pin number.

Originally seen on Slashdot (http://yro.slashdot.org/article.pl?sid=06/05/04/1218232&from=rss).

The article also says that BA have closed the loophole - so no worries!

TP

''The article also says that BA have closed the loophole - so no worries''


There's always another loophole , it just takes time before somebody finds it :E

I ALWAYS make sure I tear up completely any private things like this, credit card bills, even receipts where I have paid by card, so to a certain extent it is the fault of the pax, but on the other hand I dont account for journalists snooping around like rats in the garbage. In fact it is jounalists who are half the problem and the cause of most "security alerts" at airports.

Having said that, on some airlines, FR comes to mind, when I type my first and surname into the booking page my entire address comes up and then it asks "is this the correct address?" which I am not too keen on.

XSB

- I agree with Mike Jenvey - I don't quite see how this could happen. In order to access one's Executive Club information online not only is the Membership Number required but also a 4-digit PIN. So unless, having gotten the Membership Number, the newspaper/journalist ran a program to generate a PIN, I just don't see how a regular access user (not a hacker) could have achieved this.

As XSBaggage does, I too tear up all slips and even remove the luggage tags once I am through Arrivals. I am, however, still way surprised at the number of people I see going on vacation/flight who have their name and home address on labels.

Another tip, off-topic, is NEVER pre-book a return cab ride to home from the airport. 8 years ago I was burgled while returning from California and police believed it was someone with access to the cab company booking-book as I had telephoned the day before departure to make the arrangements :ok: I was also advised never to tell a cab driver that you are heading far away (however excited you might be) - always imply you are heading up to see Granny in Scotland or something!! :ok:

using the frequent flyer number on his boarding pass stub, without typing in a password

A big claim to make if it wasn't possible.

I suspect the trick was probably that they actually bought a ticket on behalf of the guy.

Quite possible the system assumed that anyone making payment had to legitimately be the person to whom the frequent flyer number was linked.