Epic: Passenger Hacks Airline Website To Find His Lost Luggage

Many bags look alike, which is why you’re supposed to check your bag tags against the luggage you pick up at the baggage claim carousel. When I was young, staff used to check claim tags against the luggage you were taking at New York airports. I haven’t seen this in the U.S. in many years.

A software engineer who had flown IndiGo from Patna to Bangalore picked up the wrong bag, and the person whose bag looked like his picked up the wrong one as well. Despite several attempts to contact the airline, IndiGo wouldn’t give him contact information to reach out to the other passenger in order to swap luggage. And, despite its claims to the contrary, the airline never reached out to the other passenger either.

So the passenger took matters into his own hands. The luggage tag on the bag he picked up had the other passenger’s PNR. He used that on the website to pull up the other passenger’s details. He reached the other passenger and they exchanged bags. And he called out the airline on Twitter.

IndiGo, for its part, defends its website and says it tried to reach the other passenger but there was no answer.

(HT: Jonathan W.)

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel, a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Condé Nast Traveler (2010-Present), Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty.


  1. People with real power using it for good instead of malfeasance is unfortunately more rare than common these days.

  2. @EasyVictor: They had some knowledge that most people don’t, but no tools. The developer console referred to is a publicly accessible feature of all modern browsers.

    @Gary: While your use of the term “hack” in the title isn’t exactly incorrect (it was a clever hack to look at the source code of the page in the browser), it might give some people the idea that this person broke into the airline’s system. Instead, they simply examined the detailed information returned to the browser.

    In the case of travel reservations in particular, it’s a very difficult trick to balance security and access. It’s reasonable to expect someone to want to access their information using only their name and PNR, but that’s not very secure: if you find a discarded boarding pass, you have the information you need to log in.

  3. The only hack here is Gary Left.

    A hack is if they got into the reservation system and booked tickets for free, and good luck with that.
