BENGALURU: In a major embarrassment for the Indigo airline, one of its passengers on a flight from Patna to Bengaluru hacked into its website to track details of a passenger who had taken his luggage by mistake.
Nandan Kumar, a software engineer, shared details of his hacking in a twitter thread addressed to Indigo stating that there was "a hole (technical vulnerability) in your system."
Kumar had travelled from Patna to Bengaluru by 6E-185 on March 27 and his bag got exchanged with another passenger owing to a honest mistake on the part of both. "I realised it only after I reached home when my wife pointed out that the bag seems to be different from ours as we don't use key-based locks in our bags...So right after reaching home I called your customer care," he tweeted.
Many calls later, the customer care team was not willing to provide contact details of the person citing privacy and data protection, he said. An agent promised to call back after contacting the other person but that call never came through. After the night passed and the morning, Kumar said he decided to take the matter in his own hands.
After repeated attempts to track the passenger on the website using the passenger's PNR number on the luggage failed, the software engineer decided to hack into the system.
"I pressed the F12 button on my computer keyboard and opened the developer console on the Indigo website and started the hole check-in flow with network log record on. And there in one of the network responses was the phone number and email id of my co-passenger. Ah this was my low-key hacker moment and the ray of hope," his tweet said.
He called the co-passenger, who happened to live just over 6 kms away and exchanged the baggage.
Kumar also pointed out that Indigo had never called the co-passenger in connection with the luggage though the agent had claimed to him that he was called thrice.
Responding to the charges, an Indigo spokesperson in a message said, "We are reviewing this case in detail and we would like to state that our IT processes are completely robust and, at no point was the Indigo website compromised. Our customer care team followed protocol by not sharing any other passenger's contact details with anothe rpassenger. This is in line with our data privacy policies."
Attempts were made by the customer care team to facilitate the exchange of baggage but it could not be completed as the calls went unanswered, it added.