Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Passenger ‘hacks’ airline’s website to find lost luggage

Nandan Kumar said he was forced to get creative after he took the wrong bag by mistake

Helen Coffey
Thursday 31 March 2022 12:16 BST
Comments
The incident occurred after an IndiGo flight
The incident occurred after an IndiGo flight (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A passenger says he took the unorthodox step of hacking an airline’s website to locate his luggage after he ended up with the wrong bag by mistake.

Nandan Kumar claims to have taken drastic action following IndiGo flight 6E-185 from Patna to Bengaluru on 27 March, when he ended up with another traveller’s bag after the flight but didn’t notice until he arrived home as the two bags were “exactly the same with some minor differences”.

Sharing his experience on social media, the software engineer said it took multiple calls to get through to an IndiGo customer service agent – and even then claims they were unable to connect him with the other passenger.

“So long story short I couldn’t get any resolution on the issue,” he tweeted. “And neither your customer care team was not ready to provide me the contact details of the person, citing privacy and data protection.”

Kumar claims he was promised a callback, which also never came.

It was at this point that his “dev instinct kicked in”; “I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole check-in flow with network log record on,” he tweeted.

“And there in one of the network responses was the phone number and email of my co-passenger. Ah this was my low-key hacker moment and the ray of hope. I made note of the details and decided to call the person and try to get the bags swapped.”

According to Mr Kumar, he was able to reach his fellow passenger using the phone number and the pair decided to meet midway between their houses to exchange bags.

His parting gift? Three bits of advice for the airline: “1. Fix your IVR and make it more user friendly; 2. Make your customer service more proactive than reactive; 3. Your website leaks sensitive data, get it fixed.”

Mr Kumar’s story captured social media’s attention, garnering more than 6,500 likes and over 2,000 retweets.

IndiGo strongly refuted Mr Kumar’s accusation that the airline’s website “leaks sensitive data”.

In a statement posted to Twitter, the carrier said: “We’d like to state that our IT processes are completely robust and at no point was the IndiGo website compromised.

“Any passenger can retrieve their booking details using PNR, last name, contact number or email address from the website.

“This is the norm practiced across all airline systems globally. However, your feedback is duly noted and will definitely be reviewed.”

The airline added that it is “fully committed to consumer data privacy and industry benchmark cybersecurity standards”.

The Independent has asked IndiGo for comment on the incident.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in