An IndiGo passenger has gone viral for exploiting a "technical vulnerability" in the airline's system to find his lost luggage. Nandan Kumar, whose Twitter bio describes him as a software engineer, has shared how he used his technical knowledge to find his luggage after it got exchanged with another passenger.

Kumar said that he managed to find his co-passenger's details on IndiGo's website to connect with him and got his luggage back.

In his first Tweet, Nandan shared that he was travelling from Patna to Bangalore in an Indigo airline flight when he exchanged his bag with a co-passenger. “As the bags exactly same with some minor differences,” he added.

Nandan wrote that he only realized the accidental swap when his wife pointed out a “key-based lock” on the bag. He recalled not using one on his bag and soon called the customer care of the airline.

Kumar says the IndiGo customer care agent assured him he would receive a call back - which he did not. After spending the night without any resolution to the issue, he decided to take matters into his own hands.

"I started digging into the Indigo website trying the co passenger's PNR which was written on the bag tag in hopes of getting his address or number by trying different methods like check-in, edit booking, update contact," he explained.

He later contacted the person and got his bag back. But, having gone through such a cumbersome task, Nandan had some suggestions for the airline. He urged the airline to fix their IVR, make customer service more proactive while also alerting them that their website “leaks sensitive data.”

IndiGo took notice of Nadan's story and responded with an apology for the inconvenience and assured that the website has no security lapses.



"Any passenger can retrieve their booking details using PNR, last name, contact number, or email address from the website. This is the norm practiced across all airline systems globally," the airline stated.

Published on: Thursday, March 31, 2022, 01:45 PM IST