Moneycontrol PRO
Upcoming Event : LeapToUnicorn - mentoring, networking and fundraising for startups. Register now
you are here: HomeNewsTrends

Techie claims he hacked IndiGo site to find lost bag. What airline said

Nandan Kumar said he had accidentally switched bags with another person. He claimed he took matters into his own hand since IndiGo did not help him.

March 31, 2022 / 04:21 PM IST
IndiGo denied the claims of the man, named Nandan Kumar, saying that its IT systems were strong. (Image credit: Twitter/ @_sirius93)

IndiGo denied the claims of the man, named Nandan Kumar, saying that its IT systems were strong. (Image credit: Twitter/ @_sirius93)


A software engineer has claimed to have hacked IndiGo’s website to retrieve his luggage, which he had accidentally switched with a co-passenger. The airline denied his claim.

In a Twitter thread, the man, Nandan Kumar, said he took matters into his own hands because he did not receive help from the airline.

“Hey IndiGo6E want to hear a story?” the man wrote in his first tweet. “And at the end of it I will tell you a technical vulnerability in your system.”

Kumar added that he had taken a flight from Patna to Bengaluru on March 27 and ended up switching his luggage with another person. “Honest mistake from both our end as the bags (were) exactly same with some minor differences.”

The man said it was only after reaching home that he realised he was not carrying his own bag. Then, he reached out to the airline.

“After multiple calls and navigating through IndiGo IVR (interactive voice response), and of course a lot of wait, I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger,” he added. “But all in vain.”

Kumar said the matter was not resolved and for obvious privacy reasons, IndiGo’s customer care refused to provide him his co-passenger’s contact details.

The man said the customer care agent assured him that they would get back to him after contacting his co-passenger.

Kumar claimed the airline did not follow up

“So, I started digging into the IndiGo website trying the co passenger’s PNR which was written on the bag tag in hope to get the address or number by trying different methods like check-in, edit booking, update contact, but no luck whatsoever,” he said.

Then, he said his “developer instinct” kicked in.

“I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website and started the whole check-in flow with network log record on,” Kumar added. “ And there in one of the network responses was the phone number and email ID of my co-passenger. Ah this was my low-key hacker moment and the ray of hope.”

Kumar said that when he called his co-passenger, he found out he was not too far away. “We decided to meet at a center point and got our bags swapped,” he added.

The man had some suggestions for IndiGo. “Fix your IVR and make it more user friendly, make your customer service more proactive than reactive. Your website leaks sensitive data, get it fixed.”

As the man’s account got attention on Twitter, IndiGo issued a statement in response.

“Due to data privacy policy, we're not allowed to share any of the passenger 's information therefore, our customer care team tried to arrange a conference call in order to facilitate the exchange of baggage,” it said. “Our IT processes are completely robust and, at no point was the lndiGo website compromised,” the airline said.
Moneycontrol News
first published: Mar 31, 2022 04:15 pm