iscover
A data breach in Qantas’ mobile app has granted users access to the booking information of other customers.
Several Qantas customers have reported being able to access other customers’ account information, point score, status tier, travel destination and even boarding passes.
“My Qantas app logs me in to a different person each time I open it,” one person told 7News.
“I have access to the booking details, QFF numbers, status, and boarding passes of people I don’t know. Logging out and back in does nothing.”
In addition, customers could reportedly change a customer’s seats, cancel their flight altogether or book an entire new flight under their name.
“I was able to access full booking details, including the ability to cancel someone’s flight to Europe,” said another customer.
Following requests for more information, Qantas confirmed that it was aware of the issue and that it was investigating.
“Qantas is investigating reports of an issue impacting the Qantas app this morning,” the spokesperson said.
“We will provide more information as soon as possible.”
In a statement on its website at 10:15am, the Flying Kangaroo said it is “urgently working” to resolve the issue with the app.
“We sincerely apologise to our customers who have been impacted. We’re investigating whether this issue may have been caused by recent system changes,” the statement read.
“We recommend that customers log out and log in to their Qantas Frequent Flyer account on the Qantas App. Please also be aware of social media scams at this time.
“We’ll continue to provide more information as soon as we can.”
Update – 01/05/2024: Qantas has said in a statement that it has resolved the issue with its app, and believes that recent system changes are likely to blame and that there is no indication of a cyber security incident or an attack.
“We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved,” said Qantas in its third update.
“Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.
“At this stage, there is no indication of a cyber security incident.
“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status.
“No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”
