A Bengaluru-based software developer has been making headlines for hacking Indian airline IndiGo’s website. Nandan Kumar was on an IndiGo trip from Patna to Bangalore when his luggage was accidentally picked up by a fellow passenger, prompting Kumar to use his developer abilities for his own advantage. Kumar took to his Twitter handle to tell the story of how he was able to retrieve his bags while also pointing out the security holes in the IndiGo airline’s website.
Kumar wrote, ‘So, I travelled from PAT – BLR from indigo(sic) 6E-185 yesterday. And my bag got exchanged with another passenger. Honest mistake from both our ends. As the bags were exactly the same with some minor differences’. He went on to say that he phoned the customer support number and followed all of the appropriate procedures to track down his misplaced bags.
The man further revealed, ‘Long story short I couldn’t get any resolution on the issue. And neither your customer care team was ready to provide me with the contact details of the person, citing privacy and data protection’. He went on to say that he didn’t get a call from the customer support employee until the next day. Nandar Kumar decided to take matters into his own hands after repeated fruitless attempts to find the co-passenger.
I realised it only after I reached home when my wife pointed out that the bag seems to be a different from ours as we don’t use key based locks in our bags.
PS: We have too much faith in airline staff ??
So right after reaching home I called your customer care. 3/n— Nandan kumar (@_sirius93_) March 28, 2022
‘After all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole check-in flow with network log record on’, he wrote.
For those who are unfamiliar, pressing F12 brings up a suite of developer tools that allow engineers to examine requests and answers issued and received to and from a website server. Kumar had discovered and switched his luggage with the co-passenger by this time.
A list of security weaknesses on the social networking site was also revealed by the individual. Kumar was contacted by IndiGo Airlines, who apologised for the inconvenience and assured him that the website was secure.
— IndiGo (@IndiGo6E) March 29, 2022
The Twitter thread has received more than 5,000 likes and a variety of responses. Netizens were spotted expressing their complete support for Kumar, and some of them even shared their personal stories.
In my career of 15 years in aviation this is surely the most amazing and epic way a passenger has resolved his query on his own. I shall surely contact you in the future if i ever need any specific info?????. Hats off??
— Siddharth Agarwal (@discoversidd) March 28, 2022
Interesting. Moral of the story..Always check label tag before putting off the belt. Even if the bag looks exactly like yours (with a ribbon on the handle). Everyone can't hack!!
— ???????? Usha?? (@upratap09) March 29, 2022
Are any Indian airlines compliant by GDPR ? You can very well sue Indigo in this instance of private data leak.
— Virender Jamnal (@virendersj) March 28, 2022
Post Your Comments