An Indian techie named Nandan Kumar hacked an airline's website to locate his own luggage after he accidentally switched it with a co-passenger's luggage on March 27.

Kumar, a software engineer by profession, had boarded an IndiGo flight 6E-185 from Patna to Bengaluru when the swap happened. He took another passenger's bag by mistake after deboarding the flight and did not realise he was not carrying his bag until he reached home.

He then reached out to IndiGo's customer care executives who were unable to connect him to the concerned person. He said that he had to take matters into his own hands after he did not get any help.

So I slept the night without any resolution to the issue. Thinking I may get a call in morning.

And after I did not get any calls from @IndiGo6E I decided to take the matter in my own hands 7/n

— Nandan kumar (@_sirius93_) March 28, 2022

Kumar added that IndiGo's customer care centre refused to provide him with his co-passenger's contact details citing privacy concerns, according to a report in The Independent.

Kumar in a Twitter post explained how he was able to get the mobile number of the concerned person. "Hey IndiGo6E want to hear a story? And at the end of it I will tell you a technical vulnerability in your system," Kumar wrote in the first tweet.

He continued: "I pressed the F12 button on my computer keyboard and opened the developer console on the IndiGo website and started the whole check-in flow with network log record on."

"And there in one of the network responses was the phone number and email ID of my co-passenger. Ah this was my low-key hacker moment and the ray of hope," Kumar wrote in the post.

He was finally able to connect to the person and found out that they lived close by and decided to swap bags. "We decided to meet at a center point and got our bags swapped," he added. He signed off with a piece of advice for IndiGo.

"Fix your IVR and make it more user friendly, make your customer service more proactive than reactive. Your website leaks sensitive data, get it fixed," added Kumar.

However, IndiGo representatives later denied having any vulnerability in their systems and refuted Kumar's claims that their website "leaks data." It said that the airline is "fully committed to consumer data privacy and industry benchmark cybersecurity standards".

IndiGo
REUTERS/Rupak De Chowdhuri