Mann hackt Airline-Webseite, um verlorenen Koffer zu finden
01. April 2022, 21:03 | 0 KommentareBild: Pixabay
Über die Website der Airline kam ein Fluggast an die Adresse oder Telefonnummer eines Co-Passagiers.
Der 28-jährige Nandan Kumar hat die Website der indischen Billigairline IndiGo gehackt, um seinen verlorenen Koffer ausfindig zu machen. Zuvor hatte er die Airline um Hilfe bei der Suche gebeten, diese wurde ihm aus Datenschutzgründen aber verwehrt. In einem Statement von IndiGo, das der BBC zugeschickt wurde, heißt es, die Airline würde Passagieren keine Kontaktdaten anderer Passagieren weitergeben.
Kumar und ein mitfliegender Passagier hatten ihre Koffer verwechselt, weil sie sich ihm zufolge äußerst ähnlich sehen. Erst zuhause realisierte er den Fehler und meldete sich bei der Airline. Er hatte den Vorfalls auf Twitter geschildert.
Nandan kumar @_sirius93_
Hey @IndiGo6E , Want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system? #dev #bug #bugbounty 😝😝 1/n
Am 28. März, 2022 um 14:39 via ✕
Hey @IndiGo6E , Want to hear a story? And at the end of it I will tell you hole (technical vulnerability )in your system? #dev #bug #bugbounty 😝😝 1/n
Am 28. März, 2022 um 14:39 via ✕
Nandan kumar @_sirius93_
Soo I traveled from PAT - BLR from indigo 6E-185 yesterday. And my bag got exchanged with another passenger. Honest mistake from both our end. As the bags exactly same with some minor differences. 2/n
Am 28. März, 2022 um 14:45 via ✕
Soo I traveled from PAT - BLR from indigo 6E-185 yesterday. And my bag got exchanged with another passenger. Honest mistake from both our end. As the bags exactly same with some minor differences. 2/n
Am 28. März, 2022 um 14:45 via ✕
Nandan kumar @_sirius93_
I realised it only after I reached home when my wife pointed out that the bag seems to be a different from ours as we don’t use key based locks in our bags. PS: We have too much faith in airline staff 😝😝 So right after reaching home I called your customer care. 3/n
Am 28. März, 2022 um 14:48 via ✕
I realised it only after I reached home when my wife pointed out that the bag seems to be a different from ours as we don’t use key based locks in our bags. PS: We have too much faith in airline staff 😝😝 So right after reaching home I called your customer care. 3/n
Am 28. März, 2022 um 14:48 via ✕
Nandan kumar @_sirius93_
After multiple calls and navigating through @IndiGo6E IVR and of course a lot of wait I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain. 4/n
Am 28. März, 2022 um 14:51 via ✕
After multiple calls and navigating through @IndiGo6E IVR and of course a lot of wait I was able to connect to one of your customer care agents and they tried to connect me with the co-passenger. But all in vain. 4/n
Am 28. März, 2022 um 14:51 via ✕
Nandan kumar @_sirius93_
So long story short I couldn’t get any resolution on the issue. And neither your customer care team was not ready to provide me the contact details of the person citing privacy and data protection . @Ankurkrtweets take note of this, it gets interesting😝 5/n
Am 28. März, 2022 um 14:54 via ✕
So long story short I couldn’t get any resolution on the issue. And neither your customer care team was not ready to provide me the contact details of the person citing privacy and data protection . @Ankurkrtweets take note of this, it gets interesting😝 5/n
Am 28. März, 2022 um 14:54 via ✕
Nandan kumar @_sirius93_
After the call did not work, the agent assured me that they will call me back when they are able to reach the other person. (I am still waiting for that call ) 👇🏻 6/n https://t.co/uy7tkqWUO7
Am 28. März, 2022 um 14:57 via ✕
After the call did not work, the agent assured me that they will call me back when they are able to reach the other person. (I am still waiting for that call ) 👇🏻 6/n https://t.co/uy7tkqWUO7
Am 28. März, 2022 um 14:57 via ✕
Nandan kumar @_sirius93_
So I slept the night without any resolution to the issue. Thinking I may get a call in morning. And after I did not get any calls from @IndiGo6E I decided to take the matter in my own hands 7/n
Am 28. März, 2022 um 14:59 via ✕
So I slept the night without any resolution to the issue. Thinking I may get a call in morning. And after I did not get any calls from @IndiGo6E I decided to take the matter in my own hands 7/n
Am 28. März, 2022 um 14:59 via ✕
Nandan kumar @_sirius93_
So, today morning I started digging into the indigo website trying the co passenger’s PNR which was written on the bag tag in hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever. 8/n
Am 28. März, 2022 um 15:03 via ✕
So, today morning I started digging into the indigo website trying the co passenger’s PNR which was written on the bag tag in hope to get the address or number by trying different methods like check-in, edit booking, update contact, But no luck whatsoever. 8/n
Am 28. März, 2022 um 15:03 via ✕
Nandan kumar @_sirius93_
So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on. 9/n
Am 28. März, 2022 um 15:07 via ✕
So now, after all the failed attempts, my dev instinct kicked in and I pressed the F12 button on my computer keyboard and opened the developer console on the @IndiGo6E website and started the whole checkin flow with network log record on. 9/n
Am 28. März, 2022 um 15:07 via ✕
Nandan kumar @_sirius93_
And there in one of the network responses was the phone number and email I’d of my co-passenger. Ah this was my low-key hacker moment 😇😇 and the ray of hope. I made note of the details and decided to call the person and try to get the bags swapped. #dev #dataleak #bug https://t.co/9l4pmNDk6V
Am 28. März, 2022 um 15:11 via ✕
And there in one of the network responses was the phone number and email I’d of my co-passenger. Ah this was my low-key hacker moment 😇😇 and the ray of hope. I made note of the details and decided to call the person and try to get the bags swapped. #dev #dataleak #bug https://t.co/9l4pmNDk6V
Am 28. März, 2022 um 15:11 via ✕
Nandan kumar @_sirius93_
And thankfully I was able to reach my co passenger with the phone number I got from the logs and luckily we lived in a close proximity of 6-7 KMs. So we decided to meet at a Center point and got our bags swapped. Dear @IndiGo6E , take note of my next tweet and try to improve.
Am 28. März, 2022 um 15:15 via ✕
And thankfully I was able to reach my co passenger with the phone number I got from the logs and luckily we lived in a close proximity of 6-7 KMs. So we decided to meet at a Center point and got our bags swapped. Dear @IndiGo6E , take note of my next tweet and try to improve.
Am 28. März, 2022 um 15:15 via ✕
Nandan kumar @_sirius93_
Dear, @IndiGo6E take note 1. Fix your IVR and make it more user friendly 2. Make your customer service more proactive than reactive 3. Your website leaks sensitive data get it fixed.
Am 28. März, 2022 um 15:18 via ✕
Dear, @IndiGo6E take note 1. Fix your IVR and make it more user friendly 2. Make your customer service more proactive than reactive 3. Your website leaks sensitive data get it fixed.
Am 28. März, 2022 um 15:18 via ✕
Nandan kumar @_sirius93_
Fun Fact: When I asked my co passenger if he had got a call from indigo , he denied it saying he did not get any calls. While the agent claimed to me that They called three times. @IndiGo6E @Ankurkrtweets @scottishladki
Am 28. März, 2022 um 15:21 via ✕
Fun Fact: When I asked my co passenger if he had got a call from indigo , he denied it saying he did not get any calls. While the agent claimed to me that They called three times. @IndiGo6E @Ankurkrtweets @scottishladki
Am 28. März, 2022 um 15:21 via ✕
Nandan kumar @_sirius93_
For those asking what was the co-passenger doing, He did not realise that the bags were exchanged until I called him and explained the whole scenario. He was also surprised on how did I get his number, had to explain that to him too. But at the end we both were happy.
Am 01. April, 2022 um 0:43 via ✕
For those asking what was the co-passenger doing, He did not realise that the bags were exchanged until I called him and explained the whole scenario. He was also surprised on how did I get his number, had to explain that to him too. But at the end we both were happy.
Am 01. April, 2022 um 0:43 via ✕
Nandan kumar @_sirius93_
I have been realised that in some cases the phone number and email I’d is visible on the screen it self. That wasn’t the case with my co passenger’s , I had to look into the network log. In those cases it’s even easier for ppl with malicious intent to get the details.
Am 01. April, 2022 um 0:47 via ✕
I have been realised that in some cases the phone number and email I’d is visible on the screen it self. That wasn’t the case with my co passenger’s , I had to look into the network log. In those cases it’s even easier for ppl with malicious intent to get the details.
Am 01. April, 2022 um 0:47 via ✕
Nandan kumar @_sirius93_
Also.. in the network response, they are even sending details like: - Address that you enter while doing a web checkin i.e. your home address or your hotel/airbnb address - You check in baggage details with id and weight And some more crucial details.
Am 01. April, 2022 um 0:50 via ✕
Also.. in the network response, they are even sending details like: - Address that you enter while doing a web checkin i.e. your home address or your hotel/airbnb address - You check in baggage details with id and weight And some more crucial details.
Am 01. April, 2022 um 0:50 via ✕
Nandan kumar @_sirius93_
My only suggestion to fellow passengers is to please do not share your boarding pass photos or your PNR details on social media or public domain. And I hope airlines take all these things in account and do something about it i.e. encrypt the data being sent over the network.
Am 01. April, 2022 um 0:54 via ✕
My only suggestion to fellow passengers is to please do not share your boarding pass photos or your PNR details on social media or public domain. And I hope airlines take all these things in account and do something about it i.e. encrypt the data being sent over the network.
Am 01. April, 2022 um 0:54 via ✕
Mehr dazu findest Du auf futurezone.at
Kurze URL:
Das könnte Dich auch interessieren:
Der Angriff fand bei einem Landeanflug in Baden-Württemberg statt. Inzwischen konnten Strafverfolger einen 50-jährigen Verdächtigen ermitteln.
In der neuen Folge des "ZDF Magazin Royal" wird auch das Verhalten von "KuchenTV" gegenüber der Streamerin "Shurjoka" aufgegriffen
Ähnliche News:
Mann verklagt Stadtverwaltung wegen 8.000 verlorener BTC
Chinas reichster Mann ist Gründer der Schnäppchen-App Temu
Wegen Elon Musk: Deutsche Handelskette Rossmann kauft keine Teslas mehr
USA: Mann holt Drohne des Nachbarn mit Schrotflinte vom Himmel
aleX fotografiert: Ein Storch am Dach der Hermann Otto GmbH in Fridolfing
Bemannter Erstflug der Boeing-Starliner vorerst abgesagt
Helium-Leck: Boeing verschiebt ersten bemannten Starliner-Flug erneut
NASA und Boeing planen bemannten Testflug des Starliner für Mai
Mann erstellt Dating-App, in der man nur ihn daten kann
40 Jahre Haft für Ex-CIA-Mann wegen Weitergabe von Hackerprogrammen
Chinas reichster Mann ist Gründer der Schnäppchen-App Temu
Wegen Elon Musk: Deutsche Handelskette Rossmann kauft keine Teslas mehr
USA: Mann holt Drohne des Nachbarn mit Schrotflinte vom Himmel
aleX fotografiert: Ein Storch am Dach der Hermann Otto GmbH in Fridolfing
Bemannter Erstflug der Boeing-Starliner vorerst abgesagt
Helium-Leck: Boeing verschiebt ersten bemannten Starliner-Flug erneut
NASA und Boeing planen bemannten Testflug des Starliner für Mai
Mann erstellt Dating-App, in der man nur ihn daten kann
40 Jahre Haft für Ex-CIA-Mann wegen Weitergabe von Hackerprogrammen
Weitere News:
Lästiger App-Bug: Update und Deinstallation unter Windows 10 nicht möglich
Knapp vor 100.000 Dollar: Bitcoin weiter auf Rekordjagd
Microsoft: Flight Simulator 2024 wird "Größtenteils negativ" bewertet
Wegen Sicherheitslücke: D-Link drängt auf Entsorgung älterer Router
US-Regierung will Chrome vom Rest des Konzerns abspalten
Windows 11: Lautstärke unerwartet voll aufgedreht
Restore Credentials: Nahtloser App-Wechsel auf neuen Android-Geräten möglich
Windows 10: Microsoft nervt Nutzer mit Vollbildwerbung für Copilot+-PCs
Nvidia wächst rasant und Aktie fällt
Über Spotify wird nun auch raubkopierte Software verteilt
Knapp vor 100.000 Dollar: Bitcoin weiter auf Rekordjagd
Microsoft: Flight Simulator 2024 wird "Größtenteils negativ" bewertet
Wegen Sicherheitslücke: D-Link drängt auf Entsorgung älterer Router
US-Regierung will Chrome vom Rest des Konzerns abspalten
Windows 11: Lautstärke unerwartet voll aufgedreht
Restore Credentials: Nahtloser App-Wechsel auf neuen Android-Geräten möglich
Windows 10: Microsoft nervt Nutzer mit Vollbildwerbung für Copilot+-PCs
Nvidia wächst rasant und Aktie fällt
Über Spotify wird nun auch raubkopierte Software verteilt
Einen Kommentar schreiben
Kommentare
Bitte bleibe sachlich und fair in deinen Äußerungen. Sollte dein Kommentar nicht sofort erscheinen, ist er in der Warteschlange gelandet und wird meist zeitnah freigeschaltet.
(0)
Bitte bleibe sachlich und fair in deinen Äußerungen. Sollte dein Kommentar nicht sofort erscheinen, ist er in der Warteschlange gelandet und wird meist zeitnah freigeschaltet.
Kommentare:
Du hast bereits für diesen
Kommentar abgestimmt...
;-)
© by Ress Design Group, 2001 - 2024