Unable To Find His Luggage, Bengaluru Techie Hacks IndiGo Website. Airline Responds
Nandan not only found his luggage but also narrated the entire incident and told the airlines about the loopholes in their website.
New Delhi: Mismatch of luggage is a common occurrence at airports, but what is uncommon is this Bengaluru man’s attempt at locating his luggage. A Bengaluru-based software developer, Nadan Kumar decided to put his skills to best use to find his lost luggage by hacking into the airline’s website.
Nandan not only found his luggage but also narrated the entire incident and told the airlines about the loopholes in their website.
“Hey IndiGo. Want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system?” is how Nadan starts the story.
Soo I traveled from PAT - BLR from indigo 6E-185 yesterday. And my bag got exchanged with another passenger.
— Nandan kumar (@_sirius93_) March 28, 2022
Honest mistake from both our end. As the bags exactly same with some minor differences. 2/n
Nadan was travelling from Patna to Bengaluru with IndiGo airlines when his luggage got exchanged with another passenger which he termed as an “honest mistake.” He got to know about the luggage exchange when his wife noticed the minor difference between their bag and the one they bought from the airport.
Nandan contacted IndiGo’s customer service which tried to contact the other passenger “but all in vain.”
The issue remained unresolved so far and the agent assured Nadan that he will be contacted once they are able to reach the other person. “I am still waiting for that call,” Nadan wrote.
After the call did not work, the agent assured me that they will call me back when they are able to reach the other person. (I am still waiting for that call ) 👇🏻 6/n pic.twitter.com/uy7tkqWUO7
— Nandan kumar (@_sirius93_) March 28, 2022
After receiving no call from the airline, Nadan decided to take the matter in his own hands and this is where the story gets interesting.
“I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website and started the whole checkin flow with network log record on,” he wrote.
“And there in one of the network responses was the phone number and email I’d of my co-passenger. Ah this was my low-key hacker moment and the ray of hope. I made note of the details and decided to call the person and try to get the bags swapped,” the software developer added.
So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on.
— Nandan kumar (@_sirius93_) March 28, 2022
9/n
Nadan’s effort yielded results and both the passengers swapped bags.
The story does not end here and Nadan went on to tell IndiGo about the loopholes in their technical backend. “1. Fix your IVR and make it more user friendly 2. Make your customer service more proactive than reactive 3. Your website leaks sensitive data, get it fixed,” he enlisted the solutions.
The story doesn’t still end here as in the end he wrote that the other passenger never received a call from the IndiGo while the airline’s agent claimed that they had called the person thrice.
IndiGo took notice of Nadan’s story and responded with an apology for the inconvenience and assured that the website has no security lapses.
— IndiGo (@IndiGo6E) March 29, 2022
While the airlines apologised for their mistake, Nadan’s story seemed to go well with netizens as at the time of writing this report, Nadan received 181 replies on his tweet including IndiGo’s, 1,649 retweets and 5,100 likes.