Qantas app leaks other peoples' booking details causing data breach

Qantas is reporting a data breach affecting its mobile app, which has inadvertently exposed personal booking details of customers.

Users of the app were presented with the booking information of other customers rather than their own. This includes access to sensitive data like:

• boarding passes,
• Qantas Frequent Flyer (QFF) numbers,
• travel status tiers,
• points scores.

The breach has made it possible for users to view and potentially modify other customers' travel details, including reassigning seats, cancelling flights, or even making new bookings under another person's name.

One user specifically noting they could manipulate the booking details for a flight to Europe. Another user noted the unpredictability of the issue, as  a different account's details were presented to them with each login attempt.

Qantas has acknowledged the problem and is actively working to rectify the situation. The airline has issued an apology to its customers and suggested that this breach may be linked to recent changes made to their systems. In response to the breach, Qantas has recommended that customers should log out and then log back into their accounts as a precautionary measure. Additionally, the airline warned customers to be vigilant about potential social media scams during this period.