Qantas app exposed sensitive traveler details to random users

Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users.

Qantas is Australia's flag carrier and the largest airline by fleet size, operating 125 aircraft and serving 104 destinations. Qantas has 23,500 employees and an annual revenue of almost $12.9 billion.

Earlier today, several users of the Qantas app reported on social media that they could view other users' travel details, including personally identifiable information, boarding passes for upcoming flights, and other account information.

Qantas quickly responded to the reports and confirmed an unintentional exposure of sensitive information possibly caused by recent system changes.

The airline recommended that customers log out from their 'Frequent Flyer' account on the Qantas app and remain vigilant about scams on social media.

A subsequent update announced the resolution of the issue with the airline, confirming that a cyberattack didn't cause the incident but rather internal configuration changes that caused information to be exposed only on the app.

"The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status," explained Qantas in its announcement.

"No further personal or financial information was shared, and customers would not have been able to transfer or use the Qantas Points of other frequent flyers."

The airline added that they're not aware of any customers traveling with incorrect boarding passes, while it later added processes to ensure the prevention of such a mix-up that could cause delays or safety incidents at the airport.

BleepingComputer has contacted Qantas to ask how many people might have been impacted by this incident, but a comment wasn't immediately available.

Users of the Qantas app, which has over one million downloads on the Google Play store, are recommended to remain vigilant for scams using this incident as a lure.