大象传媒

Qantas: Airline investigates after app lets customers see strangers' data

  • Published
Qantas planeImage source, Getty Images
Image caption,

The airline says it is investigating an issue with its passenger app

Australian airline Qantas says it is investigating a privacy breach on its app that left customers with access to others' personal details.

Some users reported seeing several boarding passes and flight details belonging to strangers, including their names and frequent flyer information.

Qantas said it fixed the problem about three hours after it was discovered, and apologised to customers.

There was "no indication of a cyber security incident", it added.

"Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes," it said in a statement on Wednesday.

Earlier, it had urged those affected to "please be aware of social media scams at this time".

Customer Josh Withers told the ABC that another passenger's name and details appeared when he opened the app on Wednesday.

"It said: 'Hi Sam' and I instantly noticed [that] Sam had a lot more Qantas points than I did," he said.

Mr Withers said that each time he re-opened the portal a new customer's details would appear including their frequent flyer points and scheduled flights.

Other passengers told local media they appeared to have the ability to cancel another passenger's upcoming flight to Europe.

Speaking to Nine News, technology journalist Trevor Long said that in the space of 15 minutes he could "capture at least 8-12 different people's details - including valid boarding passes".

The airline has recommended that users log out and then log back into the app to try and fix the issue.

It said it was "not aware of any customers travelling with incorrect boarding passes".

Social media has been flooded with criticisms of the carrier and posts from people claiming to be affected.

Users on X, formerly Twitter, shared screenshots of the glitch and alleged phishing attempts. Some appeared to show accounts posing as Qantas customer care agents asking for people's personal information in order to assist them.