How the Qantas Frequent Flyer program taught me about bad security practices
I got three push notifications just as I got to my seat before I left for Melbourne from Dubai.
One from Instagram, as a comment to something I posted on an Instagram story: “You should delete this.”
One from Facebook Messenger: “Hey. Are you still in Dubai?”
One from Gmail: “TERENCE, your Qantas Frequent Flyer PIN had been reset.”
I didn’t reset my PIN.
Well, fuck.
“I didn’t believe it would be that easy.”
Turns out, one of my friends wanted to test out Qantas’ security processes and tried to reset my PIN (and, obviously, succeeded). He told me later that he “didn’t believe it would be that easy” and “please don’t sue [him]” (I’m not.)
He managed to get my Qantas Frequent Flyer number from my Instagram story, which I accidentally posted. Thankfully, I’m not one of those Instagram “influencers” that get many views—the audience was limited to just my friendship circle.
He also answered all the security questions based on information he got just by browsing my Facebook profile.
I wish I could say I couldn’t believe that he managed to get all of the information he…