A passenger hacked the IndiGo airline’s website to find out his “lost” luggage. The passenger, named Nandan Kumar, who hacked the website shared the incident on Twitter. Kumar writes that on March 27, he boarded an IndiGo 6E-185 flight from Patna and his bag got exchanged with another passenger. “Honest mistake from both our end. As the bags exactly same with some minor differences,” Kumar wrote.
Kumar said he found out about the missing bag when he reached Bengaluru. “I realised it only after I reached home when my wife pointed out that the bag seems to be different from ours as we don’t use key-based locks in our bags,” Kumar said.
Subsequently, he dialed IndiGo’s customer care and but he could not find any resolution. he said IndiGo did not share details of the co-passenger citing privacy and data protection.
“After the call did not work, the agent assured me that they will call me back when they are able to reach the other person,” Kumar added.
The next day, Kumar started digging into IndiGo’s website trying the co-passengers PNR which was written on the bag tag, hoping to get the address or contact number.
Kumar’s this attempt also failed. Thereafter, he said he pressed the F12 key on his computer keyboard and opened the “developer console on the IndiGo website started the whole checking flow with network log record on”.
Finally, Kumar found the phone number and email id of his co-passenger.
“Thankfully I was able to reach my co-passenger with the phone number I got from the logs and luckily we lived in a proximity of 6-7 KMS,” Kumar tweeted.
Not just Kumar retrieve the contact details of his co-passenger he also shared a piece of advice after finding loopholes in the airline’s website.
Kumar suggested IndiGo, “Fix your IVR and make it more user friendly; Make your customer service more proactive than reactive, and Your website leaks sensitive data get it fixed”.
IndiGo responded with a note claiming that they were sorry for the inconvenience caused and assured us that the website had no security lapses.