A incredibly simple URL trick allowed anyone in possession of a Delta airlines online boarding pass to get hold of someone else’s pass. All the holder had to do was change a single number in the pass’ URL to get the pass of another passenger.
The trick was discovered by a journalist who accidentally changed a digit in the URL of their boarding pass. This ‘vulnerability’ meant that literally anyone could have got hold of your Delta boarding pass, with ultimately no hacking required.
In a statement to Gizmodo, Delta have since apologised and patched up the issue.
“After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring,” Delta spokesperson Paul Skrbec said. “As our overall investigation of this issue continues, there has been no impact to flight safety, and at this time we are not aware of any compromised customer accounts.” The airline added, “We apologize for any concern this may have caused.”