We are traveling at the moment, and I just went down to the hotel business center to print off a document.
This hotel is using Microsoft boxes, so as I’m floundering around looking for how to access my USB stick, I end up in a browser and I see the desktop.
On top of a PDF for an upcoming Gartner seminar on computer security which had me wondering if there would be a mention there of not leaving business documents on hotel computers, I found several boarding passes.
Do not leave boarding passes in public.
Whether they’re paper copy or digital, those bar codes are a portal into your identity, and this article from Krebs on Security from 2015 takes you through exactly how hackers can get into your affairs from a simple bar code on that pass.
Even the website mentioned in that article, which reads boarding pass bar codes is still online.
It gets worse
In the web browser on the public computer, somebody had added a browser shortcut to their Gmail inbox – and it was still logged in!
I clicked the “Sign Out” button for this person, hopefully nobody nefarious got in there.
It is sometimes easy to let one’s guard down while on vacation. You’re trying to decompress, but you still need to take fairly basic precautions:
- Keep all your paper copies: hotel invoices, boarding passes, etc – stick them in a pocket in your carry on or whatever, keep them in one place and bring them home for proper disposal (ideally, shredding).
- For God’s sake: logout any sessions you log into from a public computer.
- If you have a laptop with you, put the lock screen on any time you are away from it – even when it’s in your hotel room. Ideally have your drive encrypted and device tracking enabled.