The largest expert travel community:
  • 776,301 Total members
  • 5,255 Users online now
  • 1,732,184 Threads
  • 32,086,657 Posts

United Airlines Bug Exposes Refund Requests

United Airlines Bug Exposes Refund Requests
Joe Cortez

An apparent glitch inside the United Airlines website may have potentially exposed an unknown number of flyers data who requested a refund. The glitch allowed anyone online to put in a ticket number and any last name, because the security only checked the number – not if the last name corresponded to the ticket.

An unknown number of flyers could have had some of their personal information released to the internet because of a bug that exposed refund requests on United Airlines’ website. TechCrunch reports a problem in the website allowed anyone who entered a valid ticket number to view refund requests.

Security Only Checked Ticket Numbers, Not Names

The glitch was first reported by digital security expert Oliver Linow, who works for German public broadcaster Deutsche Welle. By putting in any valid ticket number, Linow says he could see flyer’s last names, their payment type and currency used, along with the requested refund amount. The glitch was allowed because the website coding only checked for the valid ticket number, not the corresponding last name with the itinerary.

Although it may not sound like a lot of information, knowing a valid ticket number and last name could be enough to get into an itinerary and gather personal information from unknowing flyers. While Linow estimates up to 100,000 flyers may have been affected by the programming glitch, it’s unknown how many refund requests were unlawfully accessed.

According to the TechCrunch report, the IT engineer reported the bug to United on July 6, 2020, and the airline patched the problem at least a month later. It’s unknown how long the bug was exploitable on the website.

In a statement to Business Insider, a spokesperson for United said they did not believe anyone’s personally identifiable information was directly affected by the glitch.

“We are committed to protecting our customers’ data and resolved this issue after it was brought to our attention,” the United spokesperson told Business Insider. “We are not aware of any sensitive customer data that was exposed or accessed and will continue to collaborate with cyber security researchers to stay ahead of any potential vulnerabilities within our digital channels.”

Security Flaw Latest Blow to United

Although it’s unclear if the security flaw directly affected anyone flying with the Chicago-based carrier, it is the latest problem to affect an airline already struggling to gain traction during the COVID-19 pandemic. In September 2020, the airline announced they would furlough over 16,000 employees, as a direct result of the lack of passenger demand and no additional support from the U.S. Congress.

Click to add a comment

You must be logged in on the FORUM to post a comment Login

Leave a Reply


More in Airlines

Singapore Airlines Considers “Flights to Nowhere” to Encourage Bookings

Joe CortezSeptember 15, 2020

European Carriers Send “Last Call” to Save Aviation During COVID-19

Joe CortezSeptember 15, 2020

Air Canada Starts Voluntary COVID-19 Arrival Testing

Joe CortezSeptember 14, 2020

Copyright © 2014 Top News Theme. Theme by MVP Themes, powered by Wordpress.


I want emails from FlyerTalk with travel information and promotions. I can unsubscribe any time using the unsubscribe link at the end of all emails