Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Qantas breach exposes customer booking details

A data breach in Qantas’ mobile app has granted users access to the booking information of other customers.

user icon Daniel Croft
Wed, 01 May 2024
Qantas customers able to cancel others flights following app data breach
expand image

Several customers of the Australian national carrier have reported being able to access other customers’ account information, point score, status tier, travel destination and even boarding passes.

“My Qantas app logs me in to a different person each time I open it,” one person told 7News.

“I have access to the booking details, QFF numbers, status, and boarding passes of people I don’t know. Logging out and back in does nothing.”

============
============

In addition, customers could reportedly change a customer’s seats, cancel their flight altogether or book an entire new flight under their name.

“I was able to access full booking details, including the ability to cancel someone’s flight to Europe,” said another customer.

Following requests for more information from Cyber Daily, Qantas confirmed that it was aware of the issue and that it was investigating.

“Qantas is investigating reports of an issue impacting the Qantas app this morning,” the spokesperson told Cyber Daily.

“We will provide more information as soon as possible.”

Update – 01/05/2024: Qantas has released a longer statement regarding the incident and has said that recent system changes may be the cause of the issue.

“We’re urgently working to resolve the issue impacting the Qantas app this morning, and we sincerely apologise to our customers who have been impacted,” said Qantas.

“We’re investigating whether this issue may have been caused by recent system changes.

“We recommend that customers log out and log in to their Qantas Frequent Flyer account on the Qantas App. Please also be aware of social media scams at this time.

“We’ll continue to provide more information as soon as we can.”

Update - 01/05/2024: Qantas has said in a statement that it has resolved the issue with its app, and believe that recent system changes are likely to blame and that there is no indication of a cyber security incident or an attack.

"We sincerely apologise to customers impacted by the issue with the Qantas app this morning, which has now been resolved," said Qantas in its third update.

"Current investigations indicate that it was caused by a technology issue and may have been related to recent system changes.

"At this stage, there is no indication of a cyber security incident.

"The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status.

"No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes."

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.