Qantas app data breach allows customers to access strangers' booking details

https://7news.com.au/news/qantas-app-data-breach-allows-customers-to-access-strangers-booking-details-c-14504516

Qantas customers have reported a data breach with the national carrier’s app that allows travellers to access a stranger’s booking information.

After logging into the Qantas app, customers were being presented with the wrong account details, including the person’s boarding pass, points score and status tier.

The user could see where the other customer was travelling to, as well as seemingly change their seats, cancel their flight or even book a flight under their name.

Know the news with the 7NEWS app: Download today Download today

“I have access to the booking details, QFF numbers, status, and boarding passes of people I don’t know. Logging out and back in does nothing,” one person said.

A second person said: “I was able to access full booking details, including the ability to cancel someone’s flight to Europe.”

Another Qantas customer reported seeing a different account each time they opened the app.

Qantas said it was urgently working to fix the issue, which was resolved about 12pm Wednesday.

“We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved,” a spokesperson said.

“Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.

“At this stage, there is no indication of a cyber security incident.

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status.

“No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

{
"by": "beatthatflight",
"descendants": 13,
"id": 40218197,
"kids": [
40219027,
40219990,
40219017,
40219270,
40219354
],
"score": 37,
"time": 1714523772,
"title": "Qantas app data breach allows customers to access strangers' booking details",
"type": "story",
"url": "https://7news.com.au/news/qantas-app-data-breach-allows-customers-to-access-strangers-booking-details-c-14504516"
}
{
"author": "Ailish Delaney",
"date": "2024-05-01T14:35:53.859Z",
"description": "‘I was able to access full booking details, including the ability to cancel someone’s flight to Europe.’",
"image": "https://images.7news.com.au/publication/C-14504516/b0181696ff45af0a27cc4f937a591091cc3ea3aa-16x9-x0y0w1280h720.jpg?imwidth=1200",
"logo": null,
"publisher": "7NEWS",
"title": "Customers’ horror as Qantas leaks booking details to strangers",
"url": "https://7news.com.au/news/qantas-app-data-breach-allows-customers-to-access-strangers-booking-details-c-14504516"
}
{
"url": "https://7news.com.au/news/qantas-app-data-breach-allows-customers-to-access-strangers-booking-details-c-14504516",
"title": "Customers’ horror as Qantas leaks booking details to strangers",
"description": "Qantas customers have reported a data breach with the national carrier’s app that allows travellers to access a stranger’s booking information.After logging into the Qantas app, customers were being presented...",
"links": [
"https://7news.com.au/news/qantas-app-data-breach-allows-customers-to-access-strangers-booking-details-c-14504516",
"https://7news.com.au/news/qantas-app-data-breach-allows-customers-to-access-strangers-booking-details-c-14504516.amp"
],
"image": "https://images.7news.com.au/publication/C-14504516/b0181696ff45af0a27cc4f937a591091cc3ea3aa-16x9-x0y0w1280h720.jpg?imwidth=1200",
"content": "<div><p><a target=\"_blank\" href=\"https://7news.com.au/travel/qantas\">Qantas</a> customers have reported a data breach with the national carrier’s app that allows travellers to access a stranger’s booking information.</p><p>After logging into the Qantas app, customers were being presented with the wrong account details, including the person’s boarding pass, points score and status tier.</p><p>The user could see where the other customer was travelling to, as well as seemingly change their seats, cancel their flight or even book a flight under their name.</p><p><span>Know the news with the 7NEWS app: <a href=\"https://7news.com.au/app?utm_source=7NEWS&amp;utm_medium=contextual-link-app&amp;utm_campaign=7news-app\" target=\"_blank\">Download today <img src=\"https://7news.com.au/static/media/right-red-arrow.92bca5db.svg\" alt=\"Download today\" /></a></span></p><p>“I have access to the booking details, QFF numbers, status, and boarding passes of people I don’t know. Logging out and back in does nothing,” one person said.</p><p>A second person said: “I was able to access full booking details, including the ability to cancel someone’s flight to Europe.”</p><p>Another Qantas customer reported seeing a different account each time they opened the app.</p><p>Qantas said it was urgently working to fix the issue, which was resolved about 12pm Wednesday.</p><p>“We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved,” a spokesperson said.</p><p>“Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.</p><p>“At this stage, there is no indication of a cyber security incident.</p><p>“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status.</p><p>“No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”</p></div>",
"author": "/humans.txt",
"favicon": "https://7news.com.au/static/favicons/favicon.ico",
"source": "7news.com.au",
"published": "2024-05-01T14:35:53.859Z",
"ttr": 55,
"type": "article"
}