IndiGo website was hacked by a passenger who tried to track down his lost luggage. He was a techie from Bengaluru.
Airline passengers lose their luggage often enough and then they are made to run from pillar to post to locate it. However, how many times would you have seen a passenger commandeer the airline’s website in order to locate his luggage. Probably, never. Well, that fact of aviation history seems to have changed, probably forever. It turns out that IndiaGo airlines website was hacked by a distraught passenger in an attempt to locate his lost luggage! Turned out he was a techie. This is the story of Nandan Kumar, a software engineer from Bengaluru, who managed to misplace his luggage in a mix-up with a co-passenger. Failing to get any solution from the Indigo team, he did something unusual! Instead of waiting, he took the matter into his own hands!
The Indigo website was hacked by the techie, so he claims, to find the details of his co-passenger to get his luggage back! Yes, you heard it right. He narrated the whole story on his Twitter account. “So, I travelled from PAT – BLR from Indigo 6E-185 yesterday. And my bag got exchanged with another passenger. An honest mistake from both our ends. As the bags were exactly the same with some minor differences,” he wrote on Twitter.
He further continued in the tweet thread that he only realised about the luggage mix-up once he reached back home. And as soon as he got to know about it, he contacted customer care. But guess what? “After multiple calls and navigating through Indigo IVR and of course a lot of waiting I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain, (sic)” he narrated in a Tweet.
So, how did Kumar get his luggage back?
Later, he started digging into the Indigo website to get the co-passengers PNR details with whom he exchanged the luggage. Surprisingly, after a few failed attempts, he used his software skills and managed to get inside the developer console on the Indigo website. After a while, his efforts showed a ray of hope! He got the contact details of the co-passenger. And this was the winning shot! He contacted him and managed to get his luggage back!
Well, the story doesn’t end here…
The long narrated story Tweet thread didn’t just end with him getting his luggage back. Turning into an ethical hacker or a good samaritan, he also told airline about the loopholes that he found in the Indigo website. In his message, he said, “Dear Indigo, take note of my next tweet and try to improve. 1. Fix your IVR and make it more user friendly; 2. Make your customer service more proactive than reactive; 3. Your website leaks sensitive data and gets it fixed.”
And surprisingly, Indigo replied! Indigo Airlines responded with a long note claiming that their IT processes are completely robust and, at no point was the IndiGo website compromised. Airline further mentioned that, “Any passenger can retrieve their booking details using PNR, last name, contact number, or email address from the website. This is the norm practiced across all airline systems globally.”