Sites like Foursquare, Yelp, and Facebook have check-in features. A check-in is when you go into an app and tell the world you are currently at a location by “checking in” to that location. So, when you leave your house and go to a restaurant, you may want to check in at that restaurant with incentives like a coupon for checking in or becoming the mayor of that location (a gamification award for checking in more often than others). However, many years ago, a tongue-in-cheek site called Please Rob Me made light of the fact that a robber would know you were not home and burglarize your house.
Fast Forward to today and you hear about celebrities are getting burglarized while they are out-of-town. It seems like there have been plenty of stories about athletes getting burglarized during times most people would know they are playing games, especially while playing on the road (away from home).
Interestingly, some of the celebrity burglaries were related to social media posts they had made:
The burglary crew scoured celebrities’ social media posts and noted when they’d be away from home.
While we aren’t all celebrities, we post information on social media or check in on social media to let people know we are away from home.
Some social media users are even posting pictures of their tickets on social media. Tickets to ball games, travel tickets, etc. These are even more troublesome than simply checking in. One reason is that it may tell people how long we will be gone as well (when that info is provided on a travel itinerary or if we generally know how long games are).
There are plenty of other reasons not to post a ticket on social media:
Let’s see what an adversary can do with a photograph of my boarding pass:
- Get my full name
- Get my seat, flight time, destination
- Get my PNR and E-ticket number (starts to get bad from here)
- Login to the Airlines’ website via my name and PNR
- See my email-id, phone number, home address, other booked flight details (worse coming up)
- Cancel my upcoming flights
- Modify my name, phone number, email-id
So while you might like to share your excitement of getting tickets to the big game or booking a flight to Hawaii, you might reconsider (or at least black out private/sensitive information, including the barcode which can be used to get to that same private data).