Nandan Kumar, a software engineer from Bangalore, caught the attention of network users after playing IndiGO Website Hack. While traveling from Patna to Bangalore on board the IndiGo flight, Kumar was in adobo after his luggage was accidentally picked up by another passenger. The incident soon turned into a snowball in a broader scenario, in which Kumar asked to use his development skills for good. The technician shared his story about getting his luggage on Twitter and also pointed to a security breach on the IndiGo website. – IndiGO Website Hack
Read this post also = Why MGNREGA Had Been So Popular Till Now?
What is the full story behind the IndiGO Website Hack by Nandan Kumara Software Engineer?
Hey @IndiGo6E, Want to hear a story? And at the end of it I will tell you the hole (technical vulnerability )in your system? IndiGO Website Hack
So I traveled from PAT – BLR from Indigo 6E-185 yesterday. And my bag got exchanged with another passenger.
An honest mistake from both our ends. As the bags exactly the same with some minor differences. 2/n
I realized it only after I reached home when my wife pointed out that the bag seems to be different from ours as we don’t use key-based locks in our bags.
PS: We have too much faith in airline staff
So right after reaching home I called your customer care. 3/n
After multiple calls and navigating through
IVR and of course a lot of waits I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain.
So long story short I couldn’t get any resolution on the issue. And neither of your customer care team was not ready to provide me with the contact details of the person citing privacy and data protection.
take note of this, it gets interesting
After the call did not work, the agent assured me that they will call me back when they are able to reach the other person. (I am still waiting for that call )
So I slept the night without any resolution to the issue. Thinking I may get a call in the morning.
And after I did not get any calls from
@IndiGo6EI decided to take the matter into my own hands 7/n
So, today morning I started digging into the indigo website trying the co-passengers PNR which was written on the bag tag in the hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever.
So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the
website and started the whole checkin flow with network log record on.
And therein one of the network responses was the phone number and email I’d of my co-passenger.
Ah, this was my low-key hacker moment and the ray of hope.
I made note of the details and decided to call the person and try to get the bags swapped.
And thankfully I was able to reach my co-passenger with the phone number I got from the logs and luckily we lived in close proximity of 6-7 KMs. So we decided to meet at a Center point and got our bags swapped.
Dear @IndiGo6E, take note of my next tweet and try to improve.
Dear, @IndiGo6E take note – IndiGO Website Hack
- Fix your IVR and make it more user friendly
- Make your customer service more proactive than reactive
- Your website leaks sensitive data get it fixed.
Fun Fact: IndiGO Website Hack
When I asked my co-passenger if he had got a call from indigo, he denied it saying he did not get any calls. While the agent claimed to me that They called three times.
@IndiGo6E @Ankurkrtweets @scottishladki – IndiGO Website Hack
For those asking what was the co-passenger doing,
He did not realize that the bags were exchanged until I called him and explained the whole scenario.
He was also surprised on how did I get his number, had to explain that to him too.
But at the end we both were happy.
I have been realized that in some cases the phone number and email I’d are visible on the screen itself.
That wasn’t the case with my co-passengers, I had to look into the network log.
In those cases, it’s even easier for ppl with malicious intent to get the details.
Also.. in the network response, they are even sending details like: IndiGO Website Hack
- Address that you enter while doing a web check-in i.e. your home address or your hotel/Airbnb address
- You check-in baggage details with id and weight And some more crucial details.
My only suggestion to fellow passengers is to please do not share your boarding pass photos or your PNR details on social media or public domain.
And I hope airlines take all these things in the account and do something about it i.e. encrypt the data being sent over the network.
Full Twite of Nandan Kumar – IndiGO Website Hack
What is the Reason Behind the IndiGO Website Hack
Nandan Kumar a software engineer, Hack IndiGo website For Find His Lost Luggage
Who hacks the IndieGo website?
Nandan Kumar a software engineer, Hack IndiGo website
Is Nandan Kumar’s problem solved?
Yes, the Problem of Nandan Kumar is solved.