Enlarge image
Lufthansa boss Spohr
Photo:
SASCHA STEINBACH / EPO
Lufthansa boss Carsten Spohr fell victim to a gap in his own IT system.
The QR code on one of his boarding passes allowed strangers to gain access to the CEO's details, including his email address and cell phone number.
The reason is a loophole that the company is aware of.
In addition to information about a specific flight, boarding passes also contain other sensitive data, such as the service card numbers of frequent flyers.
Together with the surname of the respective customer, the pending booking can be read out on the Lufthansa website, boarding cards can be printed or the shipping methods for boarding documents can be changed.
An additional pin is only required to log into the customer's user profile.
Treat like cash
A Lufthansa spokesman confirms that the information contained in the boarding pass can be used to read data about a current booking and any cell phone numbers or e-mail addresses, provided these are stored.
Although there is "no security risk", the company is working on new standards for the industry via a business unit called "Digital Hangar".
Otherwise, however, the protection of the data is in the hands of the customers: “We recommend our passengers to be very careful with the flight documents.
They are to be treated like cash.” A piece of advice that Spohr apparently did not heed.
rai/mum