A passenger hacks the IndiGo website to track down his misplaced luggage

An IndiGo passenger who lost his luggage shared his “low-key hacker moment” on Twitter and narrated how he managed to find it back all by himself. After Nandan Kumar’s Twitter thread went viral, the airlines responded by saying their IT processes are completely robust and the website was not compromised.

Kumar, whose Twitter bio says he is a software engineer, boarded an IndiGo flight from Patna to Bengaluru on March 27 and his bag got exchanged with his co-passenger as their luggage was similar in appearance.

He contacted IndiGo’s customer care agents but their efforts in connecting him with the co-passenger were not fruitful. Citing privacy and data protection, the airline company did not provide him with the contact details of the co-passenger.

Tired of waiting for the call promised by IndiGo, he decided to “take the matter into his own hands”. Kumar tried to get the details of the co-passenger from the website by using the PNR written on the bag tag.

“So, today morning I started digging into the indigo website trying the co passenger’s PNR which was written on the bag tag in the hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever,” Kumar tweeted.

Mr Kumar’s suitcase (R) and his co-passenger’s one (L) looked alike (Image Courtesy – BBC)

Kumar said his “dev instinct” then prompted him to press F12, which helped him open the developer console on the IndiGo website. He then managed to get his co-passengers details and later got their bags swapped after meeting them in person.

Tagging IndiGo, the engineer suggested the airline company make their customer service more proactive than reactive. He also noted that the website leaks sensitive data and asked them to get it fixed.

The Twitter thread grabbed netizens’ attention and some users found it interesting and funny while others pointed out that hacking a website was not right.

As the man’s account got attention on Twitter, IndiGo stated in response.“Due to data privacy policy, we’re not allowed to share any of the passenger’s information therefore, our customer care team tried to arrange a conference call to facilitate the exchange of baggage,” it said.

“Our IT processes are completely robust and, at no point was the lndiGo website compromised,” the airline said.

Related Articles