Not being able to find your luggage at the baggage belt in an airport or someone mistakenly picking up your bag is one of the most underrated problems that exist. On top of that, imagine the airline not being of much help in retrieving your bag. However, one guy from Bangalore channelled his inner hacker to resolve the issue after something similar happened to him.
Hey @IndiGo6E ,
Want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system? #dev #bug #bugbounty 😝😝 1/n— Nandan kumar (@_sirius93_) March 28, 2022
Nandan Kumar, a software engineer, was flying from Patna to Bangalore via an IndiGo flight. His luggage got swapped by mistake with someone else. The two bags were almost identical and hence, the confusion.
Soo I traveled from PAT – BLR from indigo 6E-185 yesterday. And my bag got exchanged with another passenger.
Honest mistake from both our end. As the bags exactly same with some minor differences. 2/n
— Nandan kumar (@_sirius93_) March 28, 2022
I realised it only after I reached home when my wife pointed out that the bag seems to be a different from ours as we don’t use key based locks in our bags.
PS: We have too much faith in airline staff 😝😝
So right after reaching home I called your customer care. 3/n— Nandan kumar (@_sirius93_) March 28, 2022
Kumar shared pictures of the two bags with us and you can see how similar they are.
He reached home and called IndiGo customer care but the issue couldn’t get resolved. The airline officials also wouldn’t provide him with the details of his co-passenger because of their privacy and data protection regulations.
After multiple calls and navigating through @IndiGo6E IVR and of course a lot of wait I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain. 4/n
— Nandan kumar (@_sirius93_) March 28, 2022
So long story short I couldn’t get any resolution on the issue. And neither your customer care team was not ready to provide me the contact details of the person citing privacy and data protection . @Ankurkrtweets take note of this, it gets interesting😝
5/n— Nandan kumar (@_sirius93_) March 28, 2022
The customer care agent said that they would call Kumar when they would have a word with the other passenger but eventually, no calls were made. After waiting for quite a while, Kumar decided to take matters into his own hands.
So, today morning I started digging into the indigo website trying the co passenger’s PNR which was written on the bag tag in hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever.
8/n— Nandan kumar (@_sirius93_) March 28, 2022
Hacker mode ON.
So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on.
9/n— Nandan kumar (@_sirius93_) March 28, 2022
Pressing F12 on a browser opens developer tools. It gives developers ways of looking at requests and responses sent and received to and from a website server, among other debugging options.
He was able to find his co-passenger’s contact details. He made a note of it and got in touch with the person concerned.
Turns out, the co-passenger lived nearby and they decided to meet halfway. And so, the bags were ultimately exchanged. However, when asked, the co-passenger alleged that they didn’t receive any call from the airline, despite its customer care agent claiming otherwise.
And there in one of the network responses was the phone number and email I’d of my co-passenger.
Ah this was my low-key hacker moment 😇😇 and the ray of hope.
I made note of the details and decided to call the person and try to get the bags swapped. #dev #dataleak #bug pic.twitter.com/9l4pmNDk6V
— Nandan kumar (@_sirius93_) March 28, 2022
And thankfully I was able to reach my co passenger with the phone number I got from the logs and luckily we lived in a close proximity of 6-7 KMs. So we decided to meet at a Center point and got our bags swapped.
Dear @IndiGo6E , take note of my next tweet and try to improve.
— Nandan kumar (@_sirius93_) March 28, 2022
Kumar had a few suggestions for IndiGo to make, including improving their customer service.
Dear,@IndiGo6E take note
1. Fix your IVR and make it more user friendly
2. Make your customer service more proactive than reactive
3. Your website leaks sensitive data get it fixed.— Nandan kumar (@_sirius93_) March 28, 2022
As the tweet grabbed several eyeballs on Twitter and went viral, IndiGo responded with an explanation. Speaking to Storypick, Kumar also revealed that the airline gave him a call and apologized. They also claimed that the IndiGo website isn’t compromised.
— IndiGo (@IndiGo6E) March 29, 2022
If this is what techies have to go through, what chances do normal people have?😅