IndiGo’s Response After Techie ‘Hacks’ Website To Find Lost Luggage
[ad_1]
An IndiGo passenger has gone viral for exploiting a “technical vulnerability” in the airline’s system to find his lost luggage. Nandan Kumar, whose Twitter bio describes him as a software engineer, has shared how he used his technical knowledge to find his luggage after it got exchanged with another passenger. Mr Kumar said that he managed to find his co-passenger’s details on IndiGo’s website to connect with him and got his luggage back.
After his Twitter thread went viral, the airline responded saying that it remains “fully committed” to data privacy and Mr Kumar did not compromise their website at any point.
On Sunday, Mr Kumar travelled from Patna to Bengaluru in an IndiGo flight. At the Bengaluru airport, however, his bag got exchanged with another passenger. “Honest mistake from both our end. As the bags exactly same with some minor differences,” he wrote in his viral Twitter thread.
Soo I traveled from PAT – BLR from indigo 6E-185 yesterday. And my bag got exchanged with another passenger.
Honest mistake from both our end. As the bags exactly same with some minor differences. 2/n
— Nandan kumar (@_sirius93_) March 28, 2022
Mr Kumar realised that his luggage was with someone else only after he reached home. He managed to get in touch with an IndiGo customer care agent after multiple calls and a long wait.
“They tried to connect me with the co-passenger. But all in vain,” he wrote. “So long story short I couldn’t get any resolution on the issue. And neither your customer care team was not ready to provide me the contact details of the person citing privacy and data protection.”
After the call did not work, the agent assured me that they will call me back when they are able to reach the other person. (I am still waiting for that call ) ???????? 6/n pic.twitter.com/uy7tkqWUO7
— Nandan kumar (@_sirius93_) March 28, 2022
Mr Kumar says the IndiGo customer care agent assured him he would receive a call back – which he did not. After spending the night without any resolution to the issue, he decided to take matters into his own hands.
“I started digging into the Indigo website trying the co passenger’s PNR which was written on the bag tag in hopes of getting his address or number by trying different methods like check-in, edit booking, update contact,” he explained.
So, today morning I started digging into the indigo website trying the co passenger’s PNR which was written on the bag tag in hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever.
8/n— Nandan kumar (@_sirius93_) March 28, 2022
Finding no success with any of these methods, the software engineer says his “developer instinct” kicked in.
“I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website and started the whole checkin flow with network log record on,” he wrote. There, Mr Kumar managed to find the email address and phone number of the co-passenger who had unwittingly walked out with his luggage.
And there in one of the network responses was the phone number and email I’d of my co-passenger.
Ah this was my low-key hacker moment ???????? and the ray of hope.
I made note of the details and decided to call the person and try to get the bags swapped. #dev#dataleak#bugpic.twitter.com/9l4pmNDk6V
— Nandan kumar (@_sirius93_) March 28, 2022
“Ah this was my low-key hacker moment,” he wrote.
In the end, he was able to reach his co-passenger, who, by a stroke of luck, lived not very far away from Mr Kumar’s Bengaluru home. The two decided to meet at a midway point and swapped their bags.
Dear,@IndiGo6E take note
1. Fix your IVR and make it more user friendly
2. Make your customer service more proactive than reactive
3. Your website leaks sensitive data get it fixed.— Nandan kumar (@_sirius93_) March 28, 2022
Mr Kumar concluded his thread with a few suggestions for IndiGo, including more proactive customer care. “Your website leaks sensitive data,” he also wrote.
The airline has responded to his tweets, saying that data privacy policy prevented them from sharing a passenger’s personal details, but at “no point was the IndiGo website compromised.”
— IndiGo (@IndiGo6E) March 29, 2022
“We’d also like to state that our IT processes are completely robust and, at no point was the IndiGo website compromised. Any passenger can retrieve their booking details using PNR, last name, contact number or email address from the website. This is the norm practiced across all airlines globally,” IndiGo said in its statement, adding: “However, your feedback is duly noted and will definitely by reviewed.”
Click for more trending news
[ad_2]
Source link