Science

Southwest Airlines Exposed Personal Data by Using Unencrypted Links: Report

In some cases, hackers may have even been able to alter flight details and print boarding passes. 

by James Dennin
Southwest Airlines

Along with a number of international carriers, Southwest Airlines may have been cutting some corners that put personally identifying information at the fingertips of hackers, according to a new report from Wandera, a cyber security research firm founded by a pair of industry vets who in 2009 sold their last company to the enterprise giant Cisco.

The vulnerability stemmed from the use of unencrypted booking confirmation links, Wandera’s researchers found. Were a hacker to intercept the link, they’d be automatically logged in and able to see the passenger’s booking information, which includes identifying characteristics like name, email information, flight details, and boarding information. Some, but not all, of the airlines may have also made information including home addresses and partial credit card numbers visible.

Wandera also alleges that hackers may have even had the ability to print boarding passes and change seating information.

A security vulnerability may have made it possible for hackers to access and even change your flight and baggage information. 

Unsplash / Jefferson Santos

Seven other airlines were identified as having the vulnerability, mostly international carriers the most notable of which were likely Air France and KLM, a major carrier in the Netherlands. A number of other smaller European airlines were identified in the report, whose findings Wandera says were revealed to the carriers in December. Southwest Airlines did not immediately respond to a phone call requesting comment.

The worry is less about the amount of your own personal data that was exposed due to the vulnerability, and more do with the ease of altering flight information and, potentially, boarding a plane using another person’s identity. Wandera says in their report that the findings highlight the need to encrypt every communication sent throughout the booking process, particularly when directing customers to a page that might be edited or altered.

In other Southwest Airlines-related news, the company recently completed its first test flight to Hawaii. It is also looking for a “social influencer” to travel to some of its most popular routes and create compelling content about their experience.

Related Tags