I would have said it couldn't be done, but they did it and with just the stub of a boarding pass
. Here's how -
We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.
Interesting read...it definitely is scary...but there is so much out of our control...they'll just ride roughshod over us anyway. It's good to be informed though. Thanks.
Sumo, the interesting thing is that this was not a sophistocated attack. The hole in BA's system that they exploited is one you could drive a truck through. I'm more disturbed that BA's security around their frequent-flyer accounts is so badly flawed. Makes me wonder if you could pull that same trick with airlines I *DO* fly?
Incredible in these times of "terror" that such a security breach is possible..