Nasty little Delta Airlines security flaw lets you use someone else’s boarding pass (updated)

Delta Airlines seatback entertainment

Updated on 12-17-2014 by Williams Pelegrin: Delta sent us a statement on the matter, saying the bug was squashed as of this morning. You can read Delta’s statement in the updated post below.

The holidays are a hectic time for airlines and airports, as they try to deal with the large influx of people visiting loved ones. The last thing anyone wants happening is some sort of security glitch that will ruin their holiday, and that’s precisely what happened with Delta Airlines’ nasty little glitch that lets you access someone else’s boarding pass.

Discovered by BuzzFeed ad product intern and the founder of Hackers of NY Dani Grant, the glitch presents you with someone else’s boarding pass when you change the URL of your boarding pass. What’s worse is that even if the person is on a different airline, the glitch still affects them equally. With the boarding pass, not only can you check in on them, but you can also change their seat.

Grant alerted Delta to the flaw, but the airline gave a rather unsatisfying response:

Delta response

While the easiest counter to such a flaw is for airports to conduct thorough identity checks, there’s no guarantee that every airport will do such a thing, especially when dealing with the large number of people flying out for the holidays. In addition, such a solution would put the onus solely on the airports when it was Delta’s security flaw to begin with. Hopefully, the airline can remedy the glitch before it has irate customers on its hands.

Thankfully, however, Delta squashed the bug in its place. “Security is a top priority for Delta, and we employ multiple levels of it throughout the travel process,” reads the airline’s statement. “After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring. As our overall investigation of this issue continues, there has been no impact to flight safety, and at this time we are not aware of any compromised customer accounts.”

“We routinely monitor and perform analysis of data to ensure privacy for our customers. We apologize for any concern this may have caused.”