Even Spohr was caught out: QR codes from boarding passes as a door opener for data leaks

Lufthansa boss Carsten Spohr (Photo: Granit Pireci).

Boarding passes used to have a magnetic stripe on the back that stored the relevant boarding information. Not only were these forms expensive, they also made web check-in impossible. Gradually, barcodes and QR codes established themselves as successors. But the "barcodes" also have pitfalls, as Lufthansa boss Carsten Spohr found out firsthand.

In the days when cell phones could be used to write text messages, make phone calls and, at most, play Snake, the risk of "data leaks via the boarding pass" was of secondary importance. Today, even free apps can read the QR codes without any problems and reveal the data they contain in a fraction of a second.

As a rule, the ticket number and/or booking code are included. With many airlines, this is already the "key" to the passenger's personal data. With Lufthansa, for example, it is sufficient to enter the booking code or ticket number and the name of the passenger. The name is naturally also included in the QR code, because the code is primarily used for boarding.
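To make concrete what a scan reveals, the following added example (not part of the original article) splits the decoded text of a boarding-pass barcode into its fields, checks whether it carries both the name and the booking code, and masks those two values, for instance before a scan is logged. It assumes the text follows the mandatory fixed-width layout of IATA's Bar Coded Boarding Pass (BCBP) format for the first flight leg; the function names and the sample string are constructed for this illustration.

```python
# Mandatory fixed-width fields of an IATA BCBP ("M" format) barcode string,
# first flight leg only: (field name, width in characters).
FIELDS = [
    ("format_code", 1), ("legs", 1), ("passenger_name", 20),
    ("eticket_indicator", 1), ("booking_code", 7), ("origin", 3),
    ("destination", 3), ("carrier", 3), ("flight_number", 5),
    ("julian_date", 3), ("cabin", 1), ("seat", 4),
    ("checkin_sequence", 5), ("passenger_status", 1), ("variable_size_hex", 2),
]
# The two values the article says are enough to open the booking online.
LOOKUP_KEY = ("passenger_name", "booking_code")


def parse_bcbp(raw):
    """Split the decoded barcode text into its mandatory fields."""
    need = sum(width for _, width in FIELDS)
    if len(raw) < need or raw[0] != "M":
        raise ValueError("not a BCBP 'M' string, or truncated")
    out, pos = {}, 0
    for name, width in FIELDS:
        out[name] = raw[pos:pos + width].strip()
        pos += width
    return out


def exposes_lookup_key(raw):
    """True if the barcode carries both halves of the booking lookup key."""
    try:
        fields = parse_bcbp(raw)
    except ValueError:
        return False
    return all(fields[key] for key in LOOKUP_KEY)


def redact(raw):
    """Mask name and booking code in place, e.g. before logging a scan."""
    parse_bcbp(raw)  # validate first; raises ValueError on bad input
    chars, pos = list(raw), 0
    for name, width in FIELDS:
        if name in LOOKUP_KEY:
            chars[pos:pos + width] = "*" * width
        pos += width
    return "".join(chars)


# Constructed sample (not a real booking), built field by field.
SAMPLE = ("M1" + "MUSTERMANN/MAX".ljust(20) + "E" + "ABC123".ljust(7)
          + "FRAMUC" + "LH".ljust(3) + "0098".ljust(5) + "123" + "Y"
          + "012A" + "0042".ljust(5) + "1" + "00")
```

The name and booking code sit in plain text at fixed positions, which is why any system that stores or displays raw scans should mask them first.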

Consumer protection associations, but also airlines themselves, have been warning for many years that one should be careful with boarding passes. In particular, you should not simply throw them away after the flight, because the QR codes are the key to accessing sensitive data. Lufthansa CEO Carsten Spohr does not seem to have taken the advice given by the group he manages very seriously.

A lot of data quickly with little effort

So it happened as it had to: As the news magazine "Der Spiegel" initially reported, an unknown person is said to have fished out a boarding card that Spohr had thrown in a garbage can. The QR code was then read. With the name "Carsten Spohr" and the PNR it contained, the person then went to the Lufthansa homepage. The booking could be called up, and data such as his cell phone number and his personal e-mail address were visible without further security queries, just like logging into your own booking.

The fact that he himself fell victim to a data leak due to a little carelessness must have come as a real shock to the Lufthansa boss. Based on his own experience, the manager now warns that passengers should treat their boarding passes, or the QR code on them, with the same care as cash. Previously, Spohr himself had probably not fully believed that a simple QR code on a boarding pass was sufficient to gain access to personal data within seconds.

As a rule, all sorts of personal data are stored in the booking menu, which can be opened on the Lufthansa homepage with the booking code (or ticket number) and the name. You can see where the journey is going and how much the ticket cost; the frequent flyer card is visible and can even be changed; and, if entered beforehand, the mobile phone number and e-mail address are visible as well. In theory, you can even cancel or rebook bookings under certain circumstances. Lufthansa is therefore now expressly warning that boarding cards and their QR codes should be treated with the same care as cash and not simply thrown into the nearest garbage can after the flight.

Be careful with internet photos

The fact that Lufthansa boss Carsten Spohr was caught out himself is of course a curious coincidence. However, it can happen to almost any passenger if the barcode falls into the wrong hands. Of course, not only the Kranich Group is affected: with almost all airlines you can simply log in on the homepage with data obtained from QR codes and read out the data. Only with a few carriers is the data of no use, because an additional login, for example a customer account, is necessary. It can be assumed that Spohr himself will drive changes at Lufthansa.

Many travelers enjoy posing with their boarding passes, whether on paper or digitally on a smartphone, for photos that are then posted on social media, but it should be noted that the QR codes could be read from these photos as well. Simple trick: cover the barcode and the ticket number or the PNR with your hand, and the happy holiday photo is secure against data leaks.
