An IndiGo passenger has shared how he managed to find his lost luggage.
An IndiGo passenger has gone viral for exploiting a "technical vulnerability" in the airline's system to find his lost luggage. Nandan Kumar, whose Twitter bio describes him as a software engineer, has shared how he used his technical knowledge to find his luggage after it got exchanged with another passenger. Mr Kumar said that he managed to find his co-passenger's details on IndiGo's website to connect with him and got his luggage back.
After his Twitter thread went viral, the airline responded saying that it remains "fully committed" to data privacy and Mr Kumar did not compromise their website at any point.
On Sunday, Mr Kumar travelled from Patna to Bengaluru in an IndiGo flight. At the Bengaluru airport, however, his bag got exchanged with another passenger. "Honest mistake from both our end. As the bags exactly same with some minor differences," he wrote in his viral Twitter thread.
Mr Kumar realised that his luggage was with someone else only after he reached home. He managed to get in touch with an IndiGo customer care agent after multiple calls and a long wait.
"They tried to connect me with the co-passenger. But all in vain," he wrote. "So long story short I couldn't get any resolution on the issue. And neither your customer care team was not ready to provide me the contact details of the person citing privacy and data protection."
Mr Kumar says the IndiGo customer care agent assured him he would receive a call back - which he did not. After spending the night without any resolution to the issue, he decided to take matters into his own hands.
"I started digging into the Indigo website trying the co passenger's PNR which was written on the bag tag in hopes of getting his address or number by trying different methods like check-in, edit booking, update contact," he explained.
Finding no success with any of these methods, the software engineer says his "developer instinct" kicked in.
"I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website and started the whole checkin flow with network log record on," he wrote. There, Mr Kumar managed to find the email address and phone number of the co-passenger who had unwittingly walked out with his luggage.
"Ah this was my low-key hacker moment," he wrote.
In the end, he was able to reach his co-passenger, who, by a stroke of luck, lived not very far away from Mr Kumar's Bengaluru home. The two decided to meet at a midway point and swapped their bags.
Mr Kumar concluded his thread with a few suggestions for IndiGo, including more proactive customer care. "Your website leaks sensitive data," he also wrote.
The airline has responded to his tweets, saying that data privacy policy prevented them from sharing a passenger's personal details, but at "no point was the IndiGo website compromised."
"We'd also like to state that our IT processes are completely robust and, at no point was the IndiGo website compromised. Any passenger can retrieve their booking details using PNR, last name, contact number or email address from the website. This is the norm practiced across all airlines globally," IndiGo said in its statement, adding: "However, your feedback is duly noted and will definitely by reviewed."
Click for more
trending news