Tony Abbott hacked after posting boarding pass on Instagram

  • Published
Tony AbbottImage source, Reuters
Image caption,
The hacker said Mr Abbott spoke with him over the phone about the data breach

Former Australian Prime Minister Tony Abbott had his phone number and passport details obtained by a hacker after posting a picture of his boarding pass on Instagram.

Hacker Alex Hope said he uncovered Mr Abbott's details from his Qantas boarding pass in just 45 minutes.

He then spent months attempting to contact Mr Abbott to alert him of the security breach.

Qantas said it had now updated its cyber security protocols.

Mr Abbott posted an image of a boarding pass for his flight from Sydney to Tokyo on 21 March on his Instagram account, thanking the crew.

Mr Hope said he received a message from a friend daring him to hack the former prime minister as they had recently been discussing the dangers of posting your boarding pass online.

The hacker explained in a blog post published on Wednesday that he was able to find Mr Abbott's information because his booking reference was printed on the boarding pass.

He was then able to log in to Mr Abbott's booking and search through HTML code to find his passport number and phone number. The code also included conversations with Qantas staff about Mr Abbott.

"I had Tony Abbott's passport number, phone number and weird Qantas messages about him. I was the only one who knew I had these," Mr Hope said in a blog post.

"Anyone who saw that Instagram post could also have them. I felt like I had to like, tell someone about this. Someone with like, responsibilities. Someone with an email signature."

Mr Hope said he contacted the Australian Signals Directorate which handles cyber security. They thanked him for bringing the issue to their attention and said they would investigate.

He then spent months attempting to contact Mr Abbott's staff to inform them of the situation. He said he did not want to call Mr Abbott on the personal number found in the HTML code.

After some time, he was able to contact Mr Abbott's personal assistant who confirmed he knew about the breach and was in the process of obtaining a new passport number for him.

Mr Hope claimed in his blog post that Mr Abbott asked to speak with him about the information he obtained. Mr Hope said the former prime minister asked him about what people need to know to be safe. He also claims Mr Abbott asked him if there was "a book about the basics of IT".

"The point is that if someone famous can unknowingly post their boarding pass, anyone can," Mr Hope wrote.

Image source, Reuters
Image caption,
Qantas said it fixed the issue several months ago

A spokesperson for Mr Abbott told SBS News: "Mr Hope brought this issue to the attention of the relevant bodies earlier this year and it has since been resolved."

Mr Hope said Qantas told him that they fixed the issue in July.

Qantas confirmed Mr Hope's story and told SBS News that they were thankful to Mr Hope for bringing the issue to their attention. They confirmed that it had been fixed several months ago.

"Our standard advice to customers is to not post pictures of the boarding pass, or to at least obscure the key personal information if they do, because of the detail it contains."