Tech

PRIVACY BREACH in Qantas App – user details exposed including Valid Boarding Passes

A major privacy breach this morning and potential security risk has exposed Qantas and it’s passengers after a glitch in the Qantas app showed the Frequent Flyer and Trip details of random users to people using the iOS version of the Qantas app.

When logging into the app, you are normally presented with your own profile name, your points balance, status credit balance and details of your next trip.

Users this morning were reporting seeing other people’s profiles on the main home page of the app.

Every time you re-open the app (trying to get your own profile), you would likely see another person’s details.

Within 15 minutes I had seen 8 different profiles.

Most concern for both users and Qantas, if a user had a flight in the next 24 hours, the options to show those flights and even an active boarding pass.

This is a major security concern for Qantas, because with just a name, a destination and a flight time, it’s possible to use the automated computer checkin terminals at almost any Australian Airport to get a boarding pass.

Additionally, any boarding passes already issued have been compromised because the QR codes for them may have been captured by other users who could then board the flight.

Qantas essentially need to implement stricter checkin and boarding passes for at least the next 24 hours to ensure the right people are on the right flights.

A Qantas spokesperson told EFTM “We’re urgently working to resolve the issue impacting the Qantas app this morning and we sincerely apologise to our customers who have been impacted.

We’re investigating whether this issue may have been caused by recent system changes.

We recommend that customers log out and log in to their Qantas Frequent Flyer account on the Qantas App. Please also be aware of social media scams at this time.

We’ll continue to provide more information as soon as we can.” (Further updates at the bottom of this article)

Customers should also be aware that scammers are posing on social media as Qantas customer service staff.

Anyone with questions should only speak directly to Qantas call centres, or Staff at Airports.

UPDATE THREE – 12.10PM, 1 MAY 2024

We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved.

Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.

At this stage, there is no indication of a cyber security incident.

The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.

Qantas

Recent Posts

  • Tech

Netgear launches Orbi 370, their most afffordable WiFi7 mesh system yet

Netgear have expanded their range of WiFi 7 Orbi devices in Australia, with the launch…

1 day ago
  • Tech

Alienware Area 51 Desktop Review: High Capacity Gaming

After a litany of gaming laptop reviews here at EFTM, Alienware have sent over their…

1 day ago
  • Lifestyle

Tineco announces new wet and dry floor cleaners including the flagship the FLOOR ONE S7 Stretch and the FLOOR ONE S7 Stretch Deluxe

Tineco, the "global leader in the household wet & dry floor cleaner category," has released…

1 day ago
  • Tech

Channel 10 available on LG Channels – watch Free TV without an Antenna

Paramount Australia, owners of Network Ten may have just done the single smartest thing a…

1 day ago
  • Motoring

Podcast: MG’s S5 SUV is a cracker for value – Two Blokes Talking Electric Cars

We've driven the MG S5 and it's some exceptional value for money, a decent sized…

2 days ago
  • Tech

Peloton are going AI with Peloton IQ, launching alongside a new cross training series of devices

Peloton is the latest company to introduce AI to its portfolio with AI-powered coaching, known…

5 days ago