The e-ticketing systems of eight major airlines have been found to have vulnerabilities that could allow hackers to print out boarding passes.
Mobile security firm Wandera published a report pointing to the system’s lax security in check-in emails delivered to passengers.
The airlines that were identified as risky by the researchers include Southwest, Air France, KLM, and Transavia, Vueling, Jetstar, Air Europa, and Thomas Cook.
There are currently no reported breaches, though Wandera suggests that people’s personal information could be exposed.
The problem comes from the use of unencrypted check-in links that are sent to passengers via email. When a person clicks on the link they are redirected to a site to check in, make changes or print their boarding pass.
Due to the lack of encryption of these links, Wandera highlights the fact that hackers connected to the same Wi-Fi network could intercept the link to request and gain access to personal data, such as passport and ID numbers.
Travellers can avoid the risk by ensuring they only visit check-in links on a secure network.