Many bags look alike, which is why you’re supposed to check your bag tags against the luggage you pick up at the baggage claim carousel. When I was young staff used to check claim tags against the luggage you were taking at New York airports. I haven’t seen this in the U.S. in many years.
A software engineer who had flown IndiGo from Patna to Bangalore picked up the wrong bag, and the person whose bag looked like his picked up the wrong one as well. Despite several attempts to contact the airline IndiGo wouldn’t give him contact information to reach out to the other passenger in order to swap luggage. And, despite its claims to the contrary, they never reached out to the other passenger either.
So the passenger took matters into their own hands. The luggage tag on the bag he picked up had the passenger’s PNR. He used that on the website to pull up the passenger’s details. He reached the other passenger and they exchanged bags. And he called out the airline on twitter.
I realised it only after I reached home when my wife pointed out that the bag seems to be a different from ours as we don’t use key based locks in our bags.
PS: We have too much faith in airline staff 😝😝
So right after reaching home I called your customer care. 3/n— Nandan kumar (@_sirius93_) March 28, 2022
After the call did not work, the agent assured me that they will call me back when they are able to reach the other person. (I am still waiting for that call ) 👇🏻 6/n pic.twitter.com/uy7tkqWUO7
— Nandan kumar (@_sirius93_) March 28, 2022
So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on.
9/n— Nandan kumar (@_sirius93_) March 28, 2022
And thankfully I was able to reach my co passenger with the phone number I got from the logs and luckily we lived in a close proximity of 6-7 KMs. So we decided to meet at a Center point and got our bags swapped.
Dear @IndiGo6E , take note of my next tweet and try to improve.
— Nandan kumar (@_sirius93_) March 28, 2022
IndiGo for its part defends its website and says they tried to reach the other passenger but there was no answer.
(HT: Jonathan W.)
Necessity is the mother of invention!
People with real power using it for good instead of malfeasance is unfortunately more rare than common these days.
Kudos to this guy. He had the tools that most people don’t.
@EasyVictor: They had some knowledge that most people don’t, but no tools. The developer console referred to is a publicly accessible feature of all modern browsers.
@Gary: While your use of the term “hack” in the title isn’t exactly incorrect (it was a clever hack to look at the source code of the page in the browser) it might give some people the idea that this person broke into the airline’s system. Instead, they simply examined the detailed information returned to the browser.
In the case of travel reservations in particular it’s a very difficult trick to balance security and access. It’s reasonable to expect someone to want to access their information using only their name and PNR but that’s not very secure — if you find a discarded boarding pass you have the information you need to log in.
The only hack here is Gary Left.
Hack is if they got into the reservation system and booked tickets for free and good luck with that.