Aussie airline Qantas says its app is now stable following a data breach that saw boarding passes take off from passengers' accounts.
Customers and local media reported on Wednesday seeing other customers' boarding passes, airline points, and personal information such as names being displayed in their Qantas mobile app.
Trevor Long, a tech journalist speaking to local broadcaster 9News Australia, said[1] he was able to view as many as eight other people's details and boarding passes in his account.
Qantas said in a statement that there were two periods throughout the day in which "some customers" were being issued with wrong details, but the blunder isn't thought to be the result of a cybersecurity breach.
"Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes," it said[2]. "At this stage, there is no indication of a cybersecurity incident."
To further reassure users, it added that financial information wasn't among the data shared with other customers, and despite airline points being displayed, they weren't usable or transferable.
Qantas also said it received no reports of individuals trying to board flights using other flyers' passes, and even if they did, the airline has processes in place that would prevent the pass from being used fraudulently.
The airline issued an apology to customers, saying that it's continuing to monitor the app for any other glitches that arise.
- Uncle Sam wants to know how big airlines use passenger data[3]
- Air Canada must pay damages after chatbot lies to grieving passenger about discount[4]
- Southwest Airlines lands $140M fine for that Christmas IT meltdown[5]
- Japan Airlines fuels up on hydrogen hype with eye on cleaner skies[6]
"We sincerely apologize to customers impacted by the issue with the Qantas app this morning, which has now been resolved."
Qantas also urged customers to be on high alert for social media scams[7] that could be spun up to capitalize on the incident.
It certainly wouldn't be the first time scammers have tried to use current events to their advantage. In 2019, following the fall of what was at the time the world's oldest travel agency, Thomas Cook, there was a huge spike in phishing sites[8] being created to exploit former staff and customers.
Researchers said the lures were most commonly focused on those seeking advice about compensation claims. Targeting the vulnerable, essentially, as scammers often do.
A similar situation could feasibly unfold in the wake of the Qantas app debacle too, with customers fearing their data was stolen, for example.
Qantas app users have also been advised to reauthenticate into their frequent flyer account within the app. ®
