Passenger hacks IndiGo website to find ‘lost bag’; the airline responds


A passenger hacked into the IndiGo airline website to discover his “lost” luggage. The passenger, named Nandan Kumar, who hacked the website, shared the incident on Twitter. Kumar writes that on March 27, he boarded IndiGo flight 6E-185 from Patna and his bag was swapped with another passenger. “Honest error on our side. As the bags are exactly the same with some minor differences,” Kumar wrote.

Kumar said he discovered the missing bag when he arrived in Bengaluru. “I didn’t realize it until after I got home when my wife pointed out that the bag seemed to be different from ours because we don’t use key locks in our bags,” Kumar said.

Subsequently, he dialed IndiGo customer service and found no solution. he said IndiGo did not share details of the co-passenger citing privacy and data protection.

“After the call didn’t go through, the agent assured me that he would call me back when he was able to reach the other person,” Kumar added.

The next day, Kumar started digging on the IndiGo website trying the co-passengers PNR which was written on the bag tag, hoping to get the address or contact number.

This attempt by Kumar also failed. Afterwards, he said he pressed the F12 key on his computer keyboard and opened the “developer console on the IndiGo website started the whole verification flow with network logging enabled. “.

Finally, Kumar found his co-passenger’s phone number and email address.

“Luckily I was able to reach my co-passenger with the phone number I got from the newspapers and luckily we lived 6-7km away,” Kumar tweeted.

Not only does Kumar retrieve his co-passenger’s contact details, but he also shared a tip after finding flaws in the airline’s website.

Kumar suggested to IndiGo: “Fix your IVR and make it more user-friendly; Make your customer service more proactive than reactive, and your website is leaking sensitive data, get it fixed.”

IndiGo responded with a note saying they were sorry for the inconvenience and assured us that the website had no security vulnerabilities.

To subscribe to Mint Bulletins

* Enter a valid email address

* Thank you for subscribing to our newsletter.

Download the app to get 14 days of unlimited access to Mint Premium absolutely free!

Source link


Comments are closed.