🗞️Qantas Investigates App Issue: Customers Seeing Incorrect Profiles
Today’s email is brought to you by Empower your podcasting vision with a suite of creative solutions at your fingertips.
UPDATE – 12.10PM, 1 MAY 2024
We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved.
Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.
At this stage, there is no indication of a cyber security incident.
After several users claimed to be able to view the data of strangers, Qantas announced that it is looking into the matter.
The Evening Post AU saw screenshots of Qantas app users logging in to see a stranger's profile. This included their name, flight information, and loyalty points.
Many social media users are reporting the issue.
Qantas stated that it is aware of the issue:
Qantas is investigating whether system changes caused this morning's app issue.
In a statement from Qantas :
We’re urgently working to resolve the issue impacting the Qantas app this morning and we sincerely apologise to our customers who have been impacted.
We’re investigating whether this issue may have been caused by recent system changes.
We recommend that customers log out and log in to their Qantas Frequent Flyer account on the Qantas App. Please also be aware of social media scams at this time.
We’ll continue to provide more information as soon as we can.
Nothing is free like a free press. Give now to help sustain independent journalism in your community.
It's evident from recent events that there has never been a better moment to support local news. Donate now to help sustain independent reporting.
Others posted about their travel plans on X, while others discovered X accounts impersonating Qantas to steal app users' information.
In an appearance on Today, tech expert Trevor Long connected the bug to a Qantas app update.
"Well, basically there was an update to the Qantas app where they talk about new features and on the home page of the Qantas app you were seeing someone else's details," Mr Long explained.
I was able to get the details of at least eight to twelve different people this morning, including their boarding passes, in the course of about fifteen minutes.
The boarding pass has a QR code on it that is valid until the flight, and even after this problem is fixed, the boarding pass will remain valid.
"So Qantas is going to have to reissue boarding passes at the very least, which will create chaos for people who had saved that boarding pass into their digital wallet on their smartphone."
Qantas is investigating reports of an issue impacting the Qantas app this morning.
Meanwhile, Dr. Mhuhammed Esgin from Monash University said "It is too early to tell what exactly caused the issue. However, it is certainly a privacy concern given (unauthorised) people are able to see personal information about other Qantas passengers.
“Many companies store customer information in a database and mobile applications need to first authenticate a customer to make sure that it is really the right person being granted access. Then typically the app is allowed to retrieve information from the database about that particular user only and not others, unless permission is granted. The issue seems to be that somehow the app is retrieving private information about other users.” Dr. Esgin said.
He said to prevent such issues, there needs to be proper authentication, authorisation and access control in place. That means we need to make sure that it is really the right person, accessing the right information and nothing beyond what is permitted.
“Unfortunately, these kinds of personal information exposure can be exploited by cybercriminals. It is difficult to measure the extent of the exploitation at this point as we may not be able to fully understand how much sensitive information has been exposed. However, a common strategy of cybercriminals is to use such sensitive information and situations like this to scam users, for example by pretending to be calling/texting/emailing from Qantas or using the sensitive information leaked to present a more convincing scenario to their victims.” He added.
Got a News Tip?
Contact our editor via Proton Mail encrypted, X Direct Message, LinkedIn, or email. You can securely message him on Signal by using his username, Miko Santos.
More on The Evening Post AU
Get Evening Post Wrap - for nighly bite size news around Australia and the world.
Podwires Daily - for providing news about audio trends and podcasts.
Podwires Asia - for reporting on podcasting and audio trends in South East Asia
There’s a Glitch - updated tech news and scam and fraud trends
The Freeman Chronicle Podcast - features expert interviews on current political and social issues in Australia and worldwide.
That Podcast Exchange - This podcast is an insightful conversation with people at the top of their game and deconstructs them to find the tools, tactics, and tricks to help you achieve your dream goal as Podcast Manager.