Qantas, Australia's flagship airline, has launched an investigation into a privacy breach on its passenger app, which allowed customers to access strangers' personal information. The issue, which was discovered on Wednesday, enabled users to view other passengers' boarding passes and flight details, including their names and frequent flyer information.
According to reports, some customers were able to see multiple boarding passes and flight details belonging to other passengers, while others claimed they could cancel another passenger's upcoming flight. Technology journalist Trevor Long told Nine News that he was able to access at least 8-12 different people's details, including valid boarding passes, in just 15 minutes.
Qantas apologized for the breach and assured customers that it was not a cyber security incident. The airline stated that the issue was caused by a technology problem, possibly related to recent system changes, and was fixed within three hours of being discovered.
However, the incident has sparked widespread concern and criticism on social media, with many users expressing frustration and worry about the potential consequences of the breach. Some customers reported receiving phishing attempts from accounts posing as Qantas customer care agents, asking for personal information in order to "assist" them.
The airline has advised users to log out and log back into the app to resolve the issue and has recommended that customers be cautious of social media scams. Qantas also stated that it is not aware of any customers traveling with incorrect boarding passes.
This incident highlights the importance of data privacy and security, particularly in the airline industry where sensitive customer information is involved. Qantas has promised to investigate the matter further and take steps to prevent similar breaches in the future.
In the meantime, customers are advised to remain vigilant and take steps to protect their personal information. This includes being cautious of phishing attempts and monitoring their accounts for any suspicious activity. The incident serves as a reminder of the need for companies to prioritize data security and protect their customers' personal information.
No comments:
Post a Comment