Software engineer EASILY hacks airline website to find lost luggage
A software engineer has shared just how easy it was – scarily so – for him to hack an airline’s system.
Nandan Kumar was on a domestic flight on Indian airline IndiGo and revealed that he and a passenger had mistakenly taken each other’s bags.
He tried calling IndiGo multiple times and was unsuccessful, so decided to put his skills to use and find whoever took his bag.
Nandan shared the entire ordeal on Twitter, showing how easy it was to hack IndiGo’s website and find other passengers’ details.
“I reached home when my wife pointed out that the bag seems to be different from ours as we don’t use key based locks in our bags,” he wrote.
“So right after reaching home I called your customer care. After multiple calls and navigating through @IndiGo6Eand of course a lot of waiting I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain.
“Long story short, I couldn't get any resolution on the issue. And neither your customer care team was not ready to provide me with the contact details of the person citing privacy and data protection.”
Nandan said customer service assured him they would call back in the morning but when they didn’t he knew it was time to “take the matter in my own hands”.
“After all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on.
“And there in one of the network responses was the phone number and email of my co-passenger.
“I made note of the details and decided to call the person and try to get the bags swapped.”
Luckily the pair were not far from each other and agreed to meet at a central place to exchange the bags.
Nandan, however, went one step further and urged IndiGo to update their website – as it was way too easy to hack!
Image: Twitter