7.3 C
London
Monday, March 25, 2024
HomeNewsIndia NewsSoftware developer claims he hacked IndiGo website to find lost luggage

Software developer claims he hacked IndiGo website to find lost luggage

Date:

Related stories

Police step in as Indian brothers transform car into ‘helicopter’

INDIAN police seized a DIY car project from two...

Modi’s party acting out of panic, says India’s opposition

VARIOUS constituents of the INDIA bloc condemned Delhi chief...

India’s super-rich control 40 per cent wealth: Study

Inequality in India has skyrocketed since the early 2000s...

India finds involvement of rogue officials in Pannun assassination plot

AN Indian investigation has found that rogue officials, not...

Delhi chief minister’s arrest sparks nationwide protests

DOZENS of Aam Aadmi Party (AAP) members were apprehended...

 

A Bengaluru-based software developer has claimed that he was forced to hack into the website of an Indian airline to find his missing luggage, reports said.

Nandan Kumar, 28, had swapped his bag with a co-passenger. When he called IndiGo for help, the airline refused to aid him trace the other person. This forced Kumar to retrieve information about the passenger from the airline website.

Later, in a series of tweets, Kumar described the incident.

“Hey @IndiGo6E, Want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system?,” he tweeted on Monday (28).

 

According to him, by the time he got to the airport luggage belt, a co-passenger had taken his bag and left. He realised the mistake only after getting home.

Though he was able to identify the other person’s Passenger Name Record number or PNR through a luggage tag, the airline didn’t share the information, citing privacy and data protection rules.

The customer care team said they will call him back when they are able to reach the other person, but the call never came, Kumar said.

Later he tried various methods – using the check-in process, by editing the booking and updating the contact to get data about the passenger but nothing worked. Finally, he hacked into the system and found out a phone number of the passenger.

He called his fellow passenger and the two met up to swap their luggage, reports said.

Kumar later advised the airline that the system’s data should have been encrypted, otherwise it allows anyone to access private information.

“Dear,@IndiGo6E, take note. 1. Fix your IVR and make it more user friendly, 2. Make your customer service more proactive than reactive,
3. Your website leaks sensitive data get it fixed,” he tweeted.

 

In a statement to the BBC, IndiGo said that it was reviewing this case in detail. “We would like to state that our IT processes are completely robust,” it added.

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories