Security Flaw Allowed Delta Passengers to Access Boarding Passes of Others…even on other airlines!

How about a trip to AUA instead of ATL? Hackers of NY founder Dani Grant discovered (via Engadget) a security flaw that enabled Delta passengers to access the boarding passes of others, even those flying with different airlines. Dani, a product intern at BuzzFeed realized she could share the URL to her boarding pass for anyone to download. Then, by changing a digit in the URL, someone else’s boarding pass (even on another airline) popped right up! From the Engadget article:

You’d need to have a legitimate boarding pass in your own name to get past the TSA. Then if you successfully obtained someone else’s boarding pass, it’d have to originate from the same airport you’re at. In other words, if you’re holding a boarding pass from New York to Minneapolis, that Atlanta to Barcelona ticket won’t do much good. The TSA’s press secretary Ross Feinstein said in a statement that “Travel document checking is just one layer of TSA’s defense for aviation security. Officers are trained to detect and potentially deter individuals who may attempt to board an aircraft with fraudulent documents.” Basically, if you happened to try to board an aircraft as someone else, it’s a crime. So there’s that.

Update: Delta spokesperson Paul Skrbec said in a statement to TIME Magazine on Tuesday afternoon: “After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring,” adding that the airline is still investigating the problem but isn’t aware of any compromised customer accounts.

Delta e-Boarding Pass

Leave a Reply

Your email address will not be published. Required fields are marked *