
Qantas plays down scam fears despite app bungle revealing names, status and point balances of frequent flyers

Neale Prior and David Johns
The Nightly
Qantas is investigating what could be a massive data breach. Credit: Scott Barbour/Getty Images

Qantas is attempting to hose down concerns passengers have been snared in a cyber-security incident after users of the airline’s app were shown sensitive information about other customers.

The airline has confirmed widespread reports about Qantas app users being incorrectly shown the name, upcoming flight details, points balance and membership status of other frequent flyers.

“No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas points of other frequent flyers,” Qantas said in a mid-morning update on its app problems.


But a Perth businessman who has more than three million frequent flyer points said a scammer would have had plenty of information to target him if his details had accidentally been displayed in the Tuesday morning bungle.

Claiming its app problem had been resolved, Qantas said its “current investigations” indicated the app security breakdown was “caused by a technology issue and may have been related to recent system changes”.

“At this stage, there is no indication of a cyber security incident,” it said.

But Qantas customers are sharing stories on social media about accessing the information of different customers each time they logged onto the airline’s app trying to get their own details.

One customer reported seeing the booking and account of three other frequent flyers, including one with more than 600,000 points, before gaining access to their own information.

Another frequent flyer, who shared screenshots of the app, said he had access to the booking details, frequent flyer numbers and boarding passes of people he didn’t know.

“Logging out and back in does nothing,” he said on X. “Good luck to anyone on a Qantas flight today.

“I just logged into the Qantas app to see someone else’s FF account, including their boarding pass and check in option for their flight in a few hours…”

More than an hour after Qantas sent out a media statement saying it was “urgently working to resolve” its app problem, a staff member at Perth Airport told The Nightly they had only just received notice from management.

By then, customers were reporting being unable to log in to their flight details through the Qantas app and some were reporting difficulty retrieving their information at the check-in terminal.

“All my information has disappeared — I can’t see it,” said one passenger.

Another woman said her husband saw the details of another customer when he signed onto the app and was being helped by counter staff to sort out their problem.

A pair of outgoing FIFO workers using the Qantas app reported different experiences, with one saying all his information was correct and the other saying his information was gone.

Bemused users also bombarded the Qantas Frequent Flyers Facebook page to report problems.

“I was Sally now I am Caroline and I’m going to Singapore, not Brisbane,” said one male group member. “Serious data breach.”

Another member said: “I am getting random people every time I refresh! Even their boarding passes!”

“Sadly I’m still the same bronze but my flight in 8 days was showing as in 21 days,” said another.

In an earlier statement, a Qantas spokesperson said it was “investigating whether this issue may have been caused by recent system changes”.

“We recommend that customers log out and log in to their Qantas Frequent Flyer account on the Qantas App. Please also be aware of social media scams at this time.

“We’ll continue to provide more information as soon as we can.”

Technology expert Trevor Long said on breakfast television that an update to the app on Wednesday had led to the details of multiple other customers showing up, including boarding passes.

Mr Long said the issue would likely result in customers having to be reissued boarding passes, potentially causing chaos for people using a digital wallet.

While likely to be fixed quickly, the error raises the prospect of scammers using information from the boarding passes, which are valid for up to 24 hours.

The Qantas frequent flyer unit is one of the largest loyalty businesses in Australia, with about 16 million members.
