A Bangalore man has hacked the Indigo website to find his lost luggage

A Bangalore man has hacked the Indigo website to find his lost luggage.

The airline did not help retrieve its luggage as a Bangalore person hacked Indigo's website.

“Hi Indigo. Want to hear the story? In conclusion, can I tell you about the hole (technical vulnerability) in your computer? Nadan begins the story.

Hey @IndiGo6E ,
Want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system? #dev #bug #bugbounty 😝😝 1/n

— Nandan kumar (@_sirius93_) March 28, 2022

Nandan Kumar, a software engineer, was on an Indigo flight from Patna to Bangalore when his luggage was accidentally transferred to another flyer.

Kumar said he was in touch with customer service but was unable to connect with fellow passenger.

With no call from the airline, Nadan decided to take matters into his own hands, and this is where the story becomes interesting.

"I pressed the F12 button on my computer keyboard, opened the developer console on the IndiGo website, and started the entire check-in flow with the network log," he wrote.

"And one of the network responses was my fellow traveler's phone number and email. This was my least important hacker moment and a ray of hope. I took note of the details and decided to call that person and try to change the bags," the software developer added.

So, today morning I started digging into the indigo website trying the co passenger’s PNR which was written on the bag tag in hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever.
8/n

— Nandan kumar (@_sirius93_) March 28, 2022

Nadan's effort paid off, and the two passengers exchanged bags.

The story does not end there, and Nadan tells Indigo about the holes in their technical background. "1. Adjust your IVR and make it user-friendly 2. Make your customer service more efficient than efficient 3. Fix your website leaks sensitive data," he listed solutions.

The story did not end here, and eventually, the other passenger wrote that he had not received a call from Indigo, while the flight agent said he had called the person three times.

IndiGo listened to Nadan's story and apologized for the inconvenience and assured him that there were no security vulnerabilities on the website.

pic.twitter.com/GnnGKypGGJ

— IndiGo (@IndiGo6E) March 29, 2022