A bloke who lost his suitcase in an airport baggage mixup says he hacked an airline's website to track down the person who had his bag after the airline refused to help.
Nandan Kumar took a flight between the Indian cities of Patna and Bengaluru with budget airline IndiGo.
In a simple mistake, Nandan ended up with another passenger’s identical-looking suitcase. He returned to the airport to try to catch up with other person but they’d already left.
Data on a luggage tag helped him track down the other person's Passenger Name Record number, but when he called IndiGo and asked them to give him their name and phone number they refused, saying it would be a breach of data protection rules.
The person he spoke to at IndiGo promised that they’d track the other passenger down for him, Nandan said, "but the call never came."
Nandan used his IT skills to try to track down the other passenger. At first unsuccessfully, but then he had a breakthrough.
"After all failed attempts, my developer instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website," he told the BBC. "I thought 'let me check the network logs’."
The simple trick revealed the other person’s phone number, plus several other details. He said he was shocked by how much data was revealed, saying the website should have been encrypted, to prevent anyone from accessing private information.
"A PNR and a last name is very easy to get,” he explained. “People share their boarding passes. Anyone can see your bags, take a picture and later use it get your information," Mr Kumar says.
Still, the trick did help Nandan get his bag back. He used the phone number he had managed to get and called the other passenger and arranged to meet up with them.
IndiGo say that "at no point was the IndiGo website compromised,” adding that they would be "reviewing this case in detail and would like to state that our IT processes are completely robust".
Source: Read Full Article