An IndiGo passenger has shared how he recovered his lost luggage.
An IndiGo passenger has gone viral for exploiting a “technical vulnerability” in the airline’s system to find his lost luggage. Nandan Kumar, whose Twitter bio describes him as a software engineer, has shared how he used his technical knowledge to find his luggage after it was exchanged with another passenger. Mr Kumar said he could find his fellow passenger’s details on IndiGo’s website to contact him and get his luggage back.
After his Twitter thread went viral, the airline replied that it remains “completely committed” to data privacy and that Mr Kumar has at no time compromised their website.
On Sunday, Mr. Kumar traveled on an IndiGo flight from Patna to Bengaluru. However, at the Bengaluru airport, his bag was exchanged with another passenger. “Honest mistake from both of us. Because the bags are exactly the same with some minor differences,” he wrote in his viral Twitter thread.
So I traveled yesterday from PAT – BLR of indigo 6E-185. And my bag was exchanged with another passenger.
Honest mistake from both of us. If the bags are exactly the same with some minor differences. 2/n
— Nandan Kumar (@_sirius93_) March 28, 2022
Mr. Kumar didn’t realize his luggage was with someone else until he got home. He managed to get in touch with an IndiGo customer service after multiple phone calls and a long wait.
“They tried to put me in touch with the fellow passenger. But in vain,” he wrote. “So long story short that I couldn’t get a solution to the problem. And your customer service team wasn’t ready to provide me with the contact details of the person who mentioned privacy and data protection either.”
After the call didn’t work, the agent assured me that they will call me back if they can reach the other person. (I’m still waiting for that call) ???????? 6/n pic.twitter.com/uy7tkqWUO7
— Nandan Kumar (@_sirius93_) March 28, 2022
Mr Kumar says IndiGo’s customer service representative assured him that he would be called back, which he did not. After spending the night without any resolution to the matter, he decided to take matters into his own hands.
“I started digging on the Indigo website and tried the fellow passenger’s PNR written on the luggage tag in hopes of getting his address or number by trying different methods such as check-in, edit booking, update contact,” he explained. from.
So today I started digging on the indigo website and tried the fellow passenger’s PNR written on the luggage tag hoping to get the address or number by trying different methods like check in, edit booking, update contact but no just luck.
8/n— Nandan Kumar (@_sirius93_) March 28, 2022
The software engineer found no success with any of these methods, saying his “developer instinct” kicked in.
“I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website and started the whole check-in flow with network log record on,” he wrote. There, Mr. Kumar managed to find out the e-mail address and telephone number of the fellow passenger who had unintentionally walked out with his luggage.
And there in one of the network’s comments was the phone number and email address I had for my fellow passenger.
Ah this was my low key hacker moment ???????? and the glimmer of hope.
I wrote down the details and decided to call the person and try to get the bags exchanged. #the V#data breach#bugpic.twitter.com/9l4pmNDk6V
— Nandan Kumar (@_sirius93_) March 28, 2022
“Ah, this was my low-key hacker moment,” he wrote.
Finally, he was able to reach his fellow passenger, who, by a stroke of luck, lived not far from Mr Kumar’s home in Bengaluru. The two decided to meet half way and exchanged their bags.
Dear,@IndiGo6E take note
1. Restore your IVR and make it more user-friendly
2. Make your customer service more proactive than reactive
3. Your website is leaking sensitive data and getting it fixed.— Nandan Kumar (@_sirius93_) March 28, 2022
Mr. Kumar closed his thread with a few suggestions for IndiGo, including more proactive customer service. “Your website is leaking sensitive data,” he also wrote.
The airline responded to its tweets, saying its privacy policy prevented them from sharing a passenger’s personal information, but “at no point was the IndiGo website compromised”.
— IndiGo (@IndiGo6E) March 29, 2022
“We would also like to state that our IT processes are completely robust and that the IndiGo website has not been compromised at any time. Any passenger can retrieve their booking details using PNR, last name, contact number or email address of the website. This is the standard adopted by all airlines worldwide,” IndiGo said in its statement, adding: “However, your feedback will be duly noted and will certainly be reviewed.”
Click for more trending news