Finding a former Australian prime minister’s passport number on Instagram (2020)
47 comments
·June 29, 2025broodbucket
The story is a lot more enjoyable in conference talk form than written form imo https://www.youtube.com/watch?v=lijyQ_HAysA
Bilal_io
I believe this is the same story covered by Dark Diaries. Very interesting story. https://darknetdiaries.com/episode/84/
bawolff
How sensitive is a passport number actually? At first glance it seems like it should be, but is it actually? I honestly don't know.
selcuka
Online systems sometimes use it as an indicator to prove your identity. When combined with other sensitive data it can be useful for an identity thief.
Edit: The blog post also mentions this:
https://mango.pdf.zone/finding-former-australian-prime-minis...
moralestapia
Can you provide just one example of said systems?
selcuka
Sure:
- https://www.myid.gov.au/verifying-your-id-in-myid#myid-Austr...
- https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointC...
- https://www.equifax.com.au/personal/identity-verification-10...
The blog post has more use case examples:
https://mango.pdf.zone/finding-former-australian-prime-minis...
crazylogger
US I-94: https://i94.cbp.dhs.gov/search/history-search
Knowing the passport number + name + birthday gives you access to someone's US travel history.
throwaway422432
Look up Australia's 100 point proof of identity which is used by Gov and most corporate entities in Australia.
A passport is a primary document (equivalent to a birth certificate) and gives you 60-70 points. It can't be used alone, but in conjunction with another id (forged or stolen) would allow for identify theft.
phs318u
Understanding that Australia doesn't have a Social Security ID (as the US does), might explain why passports play a similar role with respect to "proof of identity".
dafelst
There is an example in the article
SchemaLoad
Pretty sure you can use one to sign up for a phone number in Aus
tomhow
Previously:
Finding a former Australian prime minister’s passport number on Instagram (2020) - https://news.ycombinator.com/item?id=34966909 - Feb 2023 (41 comments)
When you browse Instagram and find Tony Abbott's passport number - https://news.ycombinator.com/item?id=24488224 - Sept 2020 (340 comments)
jampa
Reading the "Why is it bad for someone else to have your passport number?" is scary, especially since when traveling to countries like Spain and Italy, every Airbnb / Hotel requires you to send a picture of your passport. Japanese stores take your passport stamp picture for their tax-free, which contains the number on the page. Some embassies even take your passport for a few days before returning it with the visa.
Why do we treat passport numbers as passwords instead of a login?
raron
> Why do we treat passport numbers as passwords instead of a login?
Because some stupid people thought that photos of passports have any security / validity (including banks, brokerage firms). Interestingly none of them would accept photos of cash as payment though.
creakingstairs
I once checked in at a pretty decent hotel in India and realised that they used re-used customers passport scans and invoices to print wifi coupons! I strongly complained but I don’t really know if they’ve changed.
moneywaters
Also a security tip, mosaic like he used in the picture is not a safe way to hide sensitive data, especially the one that has movement like in the gif where he is scrolling down, the mosaic changes and gives more data to reconstruct original. The safe way is to fully black out, but be wary of not plain color almost opaque marker tools, it could look like black out but playing with contrast will still reveal the data.
ethan_smith
Despite being from 2020, this vulnerability persists in 2025 with many airlines still exposing sensitive data on boarding passes and luggage tags, making "don't post your boarding pass" still relevant security advice.
protocolture
I love this blog post. Its a classic.
null
coffeecoders
Love the humor. I am a fan of Alex's writing style!
LorenDB
It's a shame he apparently no longer blogs. His posts are gold.
ViscountPenguin
They/them based on their socials (and iirc, I think that's what they went by at Crikeycon) https://x.com/mangopdf
imarkphillips
What a great story teller! Well done Alex.
Earth revolves around the Sun? Let's see. In a twin-star system which one is going around the other? Let's make one of them have higher mass. Did the heavier one completely stop going around, or does it still wobble a bit? That wobble mean the heavier one is still going around their common center of mass. Also, since there is no static fixed point in the space, the interpretation of movement of Sun and Earth could be very subjective to the reference frame selected. There is nothing wrong if someone wants to consider Earth as that fixed point for some arbitrary local reference frame. Infact, a lot of calculations that matter to human life on Earth require that.