The wait one has to endure to retrieve one’s luggage from the conveyor belt after a flight is extremely time-consuming and frustrating. But the situation gets worse when you just can’t locate your luggage after a long wait.
A similar thing happened with Nandan Kumar, a software engineer traveling from Patna to Bangalore on an IndiGo flight. Kumar’s luggage was mistakenly picked up by a co-passenger and the incident snowballed into a larger storyline that prompted Kumar to use his developer skills for good.
Kumar shared his story of recovering his baggage and simultaneously pointed out the security flaws of the IndiGo website.
“So, I traveled from PAT – BLR to indigo 6E-185 yesterday. And my bag was swapped with another passenger. Honest mistake on both sides. As the bags were exactly the same with some minor differences,” Kumar wrote in the tweet.
He then clarified that he called the customer service number and followed all protocols to locate his lost luggage.
I only realized this after getting home when my wife pointed out that the bag seemed to be different from ours as we don’t use key locks in our bags.
PS: We trust airline staff too much
So, right after I got home, I called your customer service. 3/n—Nandan kumar (@_sirius93_) March 28, 2022
Now the story gets interesting. “Long story short, I couldn’t get a resolution to the issue. And neither was your customer service team ready to provide me with the person’s contact details, citing privacy and data protection,” said Kumar, however, he did not receive any call from a customer service agent even the next day.
When the call didn’t work, the agent assured me that he would call me back when he managed to reach the other person. (I’m still waiting for that call) 6/n pic.twitter.com/uy7tkqWUO7
—Nandan kumar (@_sirius93_) March 28, 2022
After many failed attempts to locate the co-passenger, Kumar decided to pull out the big guns. “After all the failed attempts, my developer instinct kicked in and I pressed the F12 button on my computer keyboard and opened the dev console on the @IndiGo6E website and started the whole recording flow with network log logging,” he wrote.
For all non-techy readers, when you press F12 it opens a set of developer tools. It helps engineers examine requests and responses sent and received to and from a website server.
So now, after all the failed attempts, my developer instinct kicked in and I pressed the F12 button on my computer keyboard and opened the dev console on the @IndiGo6E website and started the whole logging stream with network logging enabled.
9/n—Nandan kumar (@_sirius93_) March 28, 2022
Kumar managed to locate the co-passenger and swapped his bag. He also shared a list of IndiGo security vulnerabilities to review.
Expensive,@IndiGo6E take note
1. Fix your IVR and make it more user-friendly
2. Make your customer service more proactive than reactive
3. Your website is leaking sensitive data, get it fixed.—Nandan kumar (@_sirius93_) March 28, 2022
IndiGo responded with a note saying they were sorry for the inconvenience and assured the website had no security vulnerabilities.
— IndiGo (@IndiGo6E) March 29, 2022
The tweet thread amassed over 5,000 likes and numerous reactions. People totally supported Kumar and shared their experiences with the airline.
Are any Indian airlines GDPR compliant? You can very well sue Indigo in this case of private data leakage.
— Virender Jamnal (@virendersj) March 28, 2022
In my 15 year career in aviation, this is surely the most amazing and epic way a passenger has solved their question on their own. I will surely contact you in the future if I ever need specific information. Hats off
— Siddharth Agarwal (@discoversidd) March 28, 2022
Interesting. Moral of the story. Always check the label before removing the belt. Even if the bag looks exactly like yours (with a ribbon on the handle). Not everyone can hack!!
—Usha (@upratap09) March 29, 2022
What do you think of this story of “hacking for a cause”?
