A passenger flying on India’s IndiGo airline said that he hacked the airline’s website after he lost his baggage. Nandan Kumar, the passenger, took to Twitter and described the sequence of events tagging IndiGo.
“Hey IndiGo, want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system?”, read Kumar’s first tweet posted on March 28
In his tweet thread, Kumar has mentioned that he took an IndiGo flight from Patna to Bengaluru on March 27. His bag got exchanged with that of a fellow passenger as both of them were nearly identical.
“After multiple calls and navigating through @IndiGo6E IVR and of course a lot of wait I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain. 4/n” reads one of his tweets in the thread.
Kumar says that he requested the airline to provide contact details of the other passenger. The customer care agent declined this request citing privacy and data protection rules. However, the agent said that the airline will get back to Kumar once the other passenger was contacted.
Kumar says as he didn’t get a response even the next day, he decided to check the developer console on IndiGo website by pressing F12.
“So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on,” he says.
Nandan Kumar said in subsequent tweets that he got his co-passenger’s number and they met to return each other the correct baggage.
Here’s the complete Twitter thread.
IndiGo has denied that its website was hacked. The airline has posted a statement at the end of Nandan Kumar’s thread.
“The airline said in its statement that its “IT processes are completely robust and, at no point was the IndiGo website compromised”