A major privacy breach this morning and potential security risk has exposed Qantas and it’s passengers after a glitch in the Qantas app showed the Frequent Flyer and Trip details of random users to people using the iOS version of the Qantas app.
When logging into the app, you are normally presented with your own profile name, your points balance, status credit balance and details of your next trip.
Users this morning were reporting seeing other people’s profiles on the main home page of the app.
Every time you re-open the app (trying to get your own profile), you would likely see another person’s details.
Within 15 minutes I had seen 8 different profiles.
Most concern for both users and Qantas, if a user had a flight in the next 24 hours, the options to show those flights and even an active boarding pass.
This is a major security concern for Qantas, because with just a name, a destination and a flight time, it’s possible to use the automated computer checkin terminals at almost any Australian Airport to get a boarding pass.
Additionally, any boarding passes already issued have been compromised because the QR codes for them may have been captured by other users who could then board the flight.
Qantas essentially need to implement stricter checkin and boarding passes for at least the next 24 hours to ensure the right people are on the right flights.
A Qantas spokesperson told EFTM “We’re urgently working to resolve the issue impacting the Qantas app this morning and we sincerely apologise to our customers who have been impacted.
We’re investigating whether this issue may have been caused by recent system changes.
We recommend that customers log out and log in to their Qantas Frequent Flyer account on the Qantas App. Please also be aware of social media scams at this time.
We’ll continue to provide more information as soon as we can.” (Further updates at the bottom of this article)
Customers should also be aware that scammers are posing on social media as Qantas customer service staff.
Anyone with questions should only speak directly to Qantas call centres, or Staff at Airports.
UPDATE THREE – 12.10PM, 1 MAY 2024
We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved.
Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.
At this stage, there is no indication of a cyber security incident.
The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.
Qantas
Trev is a Technology Commentator, Dad, Speaker and Rev Head.
He produces and hosts several popular podcasts, EFTM, Two Blokes Talking Tech, Two Blokes Talking Electric Cars, The Best Movies You’ve Never Seen, and the Private Feed. He is the resident tech expert for Triple M on radio across Australia, and is the resident Tech Expert on Channel 9’s Today Show and appears regularly on 9 News, A Current Affair and Sky News Early Edition.
Father of three, he is often found in his Man Cave.
Basketball in the US is heating up in the lead-up to College Basketball's March Madness…
OPPO announced their latest Reno 15 line of smartphones late last month, launching the Reno15…
With a brand new smartphone being announced next week by Samsung, as well as rumours…
Global Vacuum giant Dyson has revealed their second ultra-slim floor cleaner, this time addressing the…
Blink, Amazon’s affordable security cameras, has today announced the expansion of its 2K camera lineup…
Outdoor pizza oven experts Gozney have announced the newest addition to their popular Arc and…