DeFi Daily News
Monday, July 13, 2026
Advertisement
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
No Result
View All Result
Home Other News Tech

rewrite this title Frontier Airlines is leaking your passport and credit card details from a boarding pass

Julio Franco by Julio Franco
June 18, 2026
in Tech
0 0
0
rewrite this title Frontier Airlines is leaking your passport and credit card details from a boarding pass
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on Telegram
Listen to this article


rewrite this content using a minimum of 1000 words and keep HTML tags

A hot potato: A security researcher has discovered serious vulnerabilities in Frontier Airlines’ booking system. Using just two pieces of information printed on every boarding pass – a booking code and a last name – anyone can pull full passport numbers, home addresses, TSA PreCheck codes, and nearly complete credit card details from the airline’s API. The vulnerabilities have been known for over three months.

If you’ve ever flown Frontier Airlines and your boarding pass ended up in a photo, a trash can, or a social media post, your personal data may be accessible to anyone right now.

A security researcher going by BobDaHacker published a detailed disclosure this week revealing that Frontier’s mobile API and booking management pages expose the full personal records of every passenger on a reservation to anyone armed with a booking code and a last name.

Both are printed on every boarding pass, and both are encoded in the barcode. The researcher first reported the issues to Frontier on March 3. It is now June 18, 105 days later, and the critical vulnerabilities remain live.

The attack is straightforward. Frontier’s mobile API endpoint accepts a six-character PNR (Passenger Name Record) and a last name, and returns a full internal booking object that includes, for every passenger on the reservation:

Full home address (street, city, state, ZIP)
Email address and phone number
Full date of birth, including for minors
Complete, unmasked passport number, issuing country, and expiration date
Known Traveler Number (TSA PreCheck identifier)
Frontier Miles loyalty number
Credit card BIN (first 6 digits), last 4 digits, expiration date, cardholder name, and full billing address
Payment history with authorization codes
The credit card math

The payment exposure is more serious than it sounds. BobDaHacker explains that the BIN (the first six digits of a card number) combined with the last four digits already visible leaves only five digits unknown. The 16th digit is a deterministic Luhn check digit, calculable from the other 15. That means approximately 100,000 possible combinations for the remaining middle digits – trivially iterable in a script.

With the cardholder’s name, expiration date, and full billing address (which satisfies AVS verification for card-not-present transactions) also exposed, the CVV becomes the sole remaining security control.

Beyond the mobile API, BobDaHacker found that Frontier’s website leaks data through its own “Manage My Booking” pages. The Passengers/Edit page, reachable with the same PNR and last name, displays full passport numbers, dates of birth, and KTNs, and also embeds them in a server-rendered JSON blob in the page source.

When Frontier attempted to fix an earlier email leak on the Manage My Booking page, it introduced two new leaks – one of which also exposed phone numbers.

There was also a fourth vulnerability: an endpoint that returned booking data from a PNR alone, with no last name required. That one Frontier did fix. The company also sent the researcher a model airplane. The rest remains unpatched.

A former Frontier employee who reached out after BobDaHacker’s post went live offered some context for why the codebase might be in this state. “IBE was already considered a legacy codebase,” he wrote, referring to the booking system visible in the researcher’s screenshots. “We were talking about sunsetting it and replacing it with a cleaner, more modern solution. IBE was a mess of generated config and code that only one person was senior enough to touch. Everyone else basically danced around it.” The employee added that the security incident came as no surprise given the workplace culture they’d experienced.

BobDaHacker followed standard responsible disclosure throughout, with an initial report on March 3, multiple follow-ups, and a formal 30-day deadline set for June 12 that Frontier let pass without response. As of writing, Frontier has not issued a public statement.

and include conclusion section that’s entertaining to read. do not include the title. Add a hyperlink to this website [http://defi-daily.com] and label it “DeFi Daily News” for more trending news articles like this



Source link

Tags: AirlinesboardingCardcreditDetailsfrontierLeakingPassPassportrewritetitle
ShareTweetShare
Previous Post

Joe Burrow Compares This 2026 Bengals Team To His 2019 LSU Team?!

Next Post

TradFi Sues CFTC!🔥Crypto UNDER ATTACK!!🚨Chris Perkins INTERVIEW

Next Post
TradFi Sues CFTC!🔥Crypto UNDER ATTACK!!🚨Chris Perkins INTERVIEW

TradFi Sues CFTC!🔥Crypto UNDER ATTACK!!🚨Chris Perkins INTERVIEW

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

No Result
View All Result
  • Trending
  • Comments
  • Latest
rewrite this title Ethereum Faces Bearish Pressure As Sentiment Hits 12-Month Low – Can ETH Avoid Dropping Below ,000? | Bitcoinist.com

rewrite this title Ethereum Faces Bearish Pressure As Sentiment Hits 12-Month Low – Can ETH Avoid Dropping Below $2,000? | Bitcoinist.com

March 1, 2025
rewrite this title and make it good for SEOMinnesota to hold recreational retail license lottery on Tuesday

rewrite this title and make it good for SEOMinnesota to hold recreational retail license lottery on Tuesday

July 18, 2025
Trump announces 25% tariff on India, pending home sales fall, Oppenheimer boosts S&P target to 7,100

Trump announces 25% tariff on India, pending home sales fall, Oppenheimer boosts S&P target to 7,100

July 30, 2025
Joe Rogan Experience #2467 – Michael Pollan

Joe Rogan Experience #2467 – Michael Pollan

March 12, 2026
rewrite this title Will the Next Bilt Credit Card Please Stand Up? – NerdWallet

rewrite this title Will the Next Bilt Credit Card Please Stand Up? – NerdWallet

March 18, 2025
How will the Fed cope with Trump’s tariffs? A former Fed president shares her take.

How will the Fed cope with Trump’s tariffs? A former Fed president shares her take.

April 3, 2025
rewrite this title and make it good for SEO Hedera-Based Bonzo Lend Loses  Million in Oracle Exploit – NFT Plazas Hedera-Based Bonzo Lend Loses  Million in Oracle Exploit

rewrite this title and make it good for SEO Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit – NFT Plazas Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit

July 13, 2026
Gold Path for 2026

Gold Path for 2026

July 13, 2026
rewrite this title The Cellular Revolution: Why Nanobots Are Replacing Botox | Metaverse Planet

rewrite this title The Cellular Revolution: Why Nanobots Are Replacing Botox | Metaverse Planet

July 12, 2026
rewrite this title and make it good for SEOAnalysts back buy-on-dips strategy as Nifty eyes 24,300–24,600

rewrite this title and make it good for SEOAnalysts back buy-on-dips strategy as Nifty eyes 24,300–24,600

July 12, 2026
rewrite this title ‘Ted Lasso’s Cristó Fernández Makes U.S. Pro Soccer Debut

rewrite this title ‘Ted Lasso’s Cristó Fernández Makes U.S. Pro Soccer Debut

July 12, 2026
rewrite this title European Darts Open: Krzysztof Ratajski beats Jermaine Wattimena to lift title ahead of World Matchplay

rewrite this title European Darts Open: Krzysztof Ratajski beats Jermaine Wattimena to lift title ahead of World Matchplay

July 12, 2026
DeFi Daily

Stay updated with DeFi Daily, your trusted source for the latest news, insights, and analysis in finance and cryptocurrency. Explore breaking news, expert analysis, market data, and educational resources to navigate the world of decentralized finance.

  • About Us
  • Blogs
  • DeFi-IRA | Learn More.
  • Advertise with Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.