With a recent survey suggesting that that almost 85% of travellers are worried about being hacked while travelling, cybersecurity experts say that those risks increase drastically for those who share too much information about their vacation online.

An “airport selfie,” or a photo of a traveller’s boarding pass and a passport, is a popular way to let social media followers know they are going abroad. However, a boarding pass contains personal information that can help hackers to ruin the vacation.

“Even if only the barcode of your flight ticket is visible in the picture, hackers can scan it and find out such information as a traveller’s full name, reservation number, passenger name record, and sometimes even contact information,” says Adrianus Warmenhoven, a cybersecurity expert at VPN service provider NordVPN. “This data can later be used by the hacker to ruin a traveller’s vacation by cancelling their return flights, stealing money from their payment cards, or even stealing their identity.”

What can a hacker do with the information from your boarding pass?

After scanning the barcode, hackers can use the data to get into a passenger’s airline account, steal their mileage points, or change details for upcoming flights.

Suppose the passenger is not a frequent traveller and they have not collected many mileage points for criminals to steal. In that case, a hacker might call a traveller up during their trip pretending to be the airline representative and ask for credit card details to confirm a return flight, for example.

Cybercriminals can also gather more information about their victim on social media and then try to call the airline, pretending to be a traveller. Boarding pass information and other valuable details they may find online can help criminals trick even the most secure travel agency or airline company into sharing their customer’s information.

After collecting this huge amount of data about their victim, criminals can proceed to sell this data on the dark web or even worse, steal the victim’s identity, enabling the hacker to commit fraud like opening credit card accounts or making unauthorized purchases.

A safe way to share vacation photos online

“While posting your boarding pass is never safe, there are ways to share your vacation with your followers and stay secure online at the same time,” says Warmenhoven. They include:

• Always post photos after you are back from vacation. It’s better to hold off posting photos or information that indicates you’re vacationing while you’re away. Don’t let your followers know your home is empty at the moment.

• Make sure your account settings are set to private. One of the most important pieces of information to know before you post anything online is who you’re sharing your information with. Make sure that your account settings are set to private and your posts are visible to your friends only instead of everyone on the internet.

• Never share personal information on social media. Remove personal details, such as your home address and telephone number, from your profile pages because there, they are easily accessible by anyone. Don’t make status updates sharing your location. And never post photos of your passport, plane tickets, or any other documents.

• Be careful with free public Wi-Fi. If you eventually decide to post anything online while abroad, ensure your connection is secure. Cafés, shops, and even hotels offer unsecured Wi-Fi networks. Users need to be especially cautious when connecting to these networks because they are easily monitored. Hackers may position themselves as a Wi-Fi hotspot or use special software to steal data from unprotected networks. One of the best ways to safely use public Wi-Fi is by installing a virtual private network (VPN).