An indigo passenger has become a virus to exploit “technical vulnerabilities” in the airline system to find lost luggage. Nandan Kumar, the Bio Twitter who described it as a software engineer, has shared how he uses his technical knowledge to find his luggage after being exchanged for other passengers. Mr Kumar said that he managed to find his co-passenger details on the Indigo website to connect with him and get his luggage back.
After his Twitter thread became a viral, the airline responded to say that it remained “full committed” for data privacy and Mr Kumar did not endanger their website anytime.
On Sunday, Mr Kumar left Patna to Bengaluru in Indigo flights. However, at Bengaluru Airport, the bag was exchanged with other passengers. “Honesty error from our end. As a bag exactly with some small differences,” he wrote on his virgin twitter thread.
Mr Kumar realized that his luggage with other people was only after he got home. He managed to contact the Indigo customer care agent after several calls and waited a long time.
“They tried to connect me with co-passengers. But all in vain,” he wrote. “The story is short, I can’t get any resolution about this problem. And both your customer service team is not ready to give me people’s contact details that quote the privacy and data protection.”
Mr Kumar said the Indigo customer care agent convinced him that he would receive a call again – which he did not do. After spending the night without a resolution for this problem, he decided to take a problem into his own hands.
“I started digging the Indigo site trying PNR passenger co written on the bag tag in the hope of getting the address or number by trying various methods such as check-in, edit bookings, update contacts,” he explained.
Finding unsuccessfully with one of these methods, software engineers say “Developer instincts” kick.
“I pressed the F12 button on my computer keyboard and opened the developer console on the Indigo website and started the entire checin stream with a network log note on,” he wrote. There, Mr Kumar managed to find an email address and telephone number co-passenger who unwittingly walked out with his luggage.
“Ah, this is a low key hacker moment,” he wrote.
In the end, he can reach his co-passengers, who, with luck, life is not too far from Bengaluru Kumar’s house. Both decided to meet in the middle of the road and exchanged their bags.
Mr Kumar concluded his utens with some suggestions for Indigo, including more proactive customer service. “Your website leaks sensitive data,” he also wrote.
The airline has responded to his tweet, by saying that the data privacy policy prevented them from sharing the personal details of passengers, but on “no points are the compromised indigo websites.”
“We also want to declare that our IT process is really strong and, at the point there is no indigo website compromised. Every passenger can take their order details using PNR, last name, contact number or email address from the website. This norm is practiced at All airlines globally, “Indigo said in his statement, added:” However, your feedback is noticed and will definitely be reviewed. “