A breach of privacy on Qantas’s app gave users access to others’ personal information, and the Australian airline is now investigating the incident.
Users have reported seeing boarding passes, travel itineraries, identities, and “frequent flyer” data belonging to unknown individuals.
The Australian airline Qantas apologized to its passengers and claimed it resolved the issue hours after it had been discovered. According to Qantas, no cyber security problem was detected. It added that a technological glitch likely caused the matter and may have been connected to recent system updates.
Customers were not able to transfer or use other people’s airline points, and Qantas claimed there were no reports of customers boarding flights using incorrect details.
Customers were instructed by Qantas to log out and then back into their app during the problem. Users who were impacted should be wary of social media fraud.
Customer Josh Withers noticed that when he accessed the app, the data and identity of another passenger showed. According to Withers, every time he refreshed the page, a fresh set of client data, including their upcoming trips and frequent flyer points, would pop up.
According to other passengers who spoke to local media, it appeared that another passenger’s forthcoming journey to Europe could be canceled by another customer.
IT journalist Trevor Long said he could get eight to twelve sets of personal information, including valid personal airline documents, in under fifteen minutes. Qantas said it did not know any passengers using the wrong boarding data.
Posts from those claiming to be impacted and critiques of the airline have filled social media.
People on X posted images of the problem and what looked like phishing efforts. Some seemed to be accounts pretending to be from Qantas customer service, requesting sensitive information from unsuspecting individuals.
On May 1st, Qantas apologized to customers impacted by the issue with the Qantas app, which was resolved.