An IndiGo passenger recently claimed that he found a technical vulnerability in the airline’s system and hacked its website to find his lost luggage.
Nandan Kumar, whose Twitter bio describes him as a software engineer, has shared a thread on Twitter on how he used his technical knowledge to find his luggage after it got exchanged with another passenger.
The techie claimed that he managed to find his co-passenger's details on IndiGo's website to connect with him and got his luggage back.
However, after his tweet went viral, the airline denied the claim, saying it remains "fully committed" to data privacy and Kumar did not compromise their website at any point.
What happened?
On Sunday, March 27, Kumar boarded an IndiGo flight from Patna to Bengaluru and his bag got exchanged with his co-passenger as their luggage was similar in appearance.
"Honest mistake from both our end. As the bags exactly same with some minor differences," he wrote in his viral Twitter thread.
According to Kumar, he contacted IndiGo’s customer care agents but their efforts in connecting him with the co-passenger were not fruitful.
The engineer also suggested the airline company make their customer service more proactive than reactive. He also added that the website leaks sensitive data and asked them to get it fixed.
Indigo’s response
After Kumar's Twitter thread went viral, the airline has now responded, saying that data privacy policy prevented them from sharing a passenger's personal details, but at "no point was the IndiGo website compromised."
"We'd also like to state that our IT processes are completely robust and, at no point was the IndiGo website compromised. Any passenger can retrieve their booking details using PNR, last name, contact number or email address from the website. This is the norm practiced across all airlines globally," IndiGo said in its statement, adding: "However, your feedback is duly noted and will definitely by reviewed."
