Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Aegean Airlines | Miles&Bonus
Reload this Page >

Severe data protection issue - I can see and modify a stranger's flight on my A3 app

Severe data protection issue - I can see and modify a stranger's flight on my A3 app

Old Nov 14, 17, 2:36 am
  #16  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
I'm as sure of that today as I was yesterday. Also, don't you think A3 Customer Service might have mentioned that in their response if that was the problem?
ObserverA3 is offline  
Old Nov 14, 17, 2:42 am
  #17  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: Netherlands
Programs: Platinum: KL Gold: A3 Silver: AZ, BA
Posts: 24,647
Originally Posted by ObserverA3 View Post
I'm as sure of that today as I was yesterday. Also, don't you think A3 Customer Service might have mentioned that in their response if that was the problem?
You didn't notice the check-in email. Who knows what else may not have been noticed?
irishguy28 is online now  
Old Nov 14, 17, 5:03 am
  #18  
 
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Gold, A3 Gold
Posts: 5,059
I am actually impressed that they got back to you within a day

Originally Posted by ObserverA3 View Post
This is getting more puzzling:

Some data points:

My A3 email address is German (.de). I use the initial of my first name and my full last name. My new "mystery friend" is greek, and her initials (first and last) are different from mine.

I just noticed that I received an e-mail confirmation about check-in for this flight two days ago (when the check-in window for the flight first opened).

Very strange.
If you received the check-in notification, then your email was associated with the booking, not just the check in. As that email is sent to the email in the booking.

Does not clear up why that would be the case though. Have you used a public PC that may have remembered (and pre-filled) the email address later on? Or perhaps mentioned the email address to a support or ticket desk - who may have accidentally applied it to the wrong booking?
Xandrios is offline  
Old Nov 14, 17, 5:45 am
  #19  
Senior Mod and Moderator: Aegean Miles&Bonus and British Airways
 
Join Date: Jan 2009
Location: Norwich, UK
Programs: A3*G, BA Gold, BD Gold (in memoriam), IHG Spire Ambassador
Posts: 6,249
It seems more likely to me that the OP's M+B number was attached to the booking in error, which then auto-filled the e-mail field and sent notifications out. Given no original booking e-mail was received, the likelihood is that this happened sometime afterwards.

This could have done by the person making the booking, but equally it could have been mis-keyed by an A3 agent ... and at this stage I would strongly suspect the OP will not ever get to find out.
NWIFlyer is offline  
Old Nov 14, 17, 1:29 pm
  #20  
 
Join Date: Nov 2016
Programs: A3*G
Posts: 42
Originally Posted by Xandrios View Post
If you received the check-in notification, then your email was associated with the booking, not just the check in. As that email is sent to the email in the booking.
You can select a different email during the check-in for the boarding passes to be delivered.
Argyris is offline  
Old Nov 14, 17, 1:31 pm
  #21  
 
Join Date: Nov 2016
Programs: A3*G
Posts: 42
Originally Posted by irishguy28 View Post
You didn't notice the check-in email. Who knows what else may not have been noticed?
I don't see how sarcasm can advance this discussion.
Argyris is offline  
Old Nov 14, 17, 7:54 pm
  #22  
 
Join Date: Jan 2004
Location: Heraklion, Greece
Posts: 6,778
Originally Posted by ObserverA3 View Post
This is getting more puzzling:



Some data points:

My A3 email address is German (.de). I use the initial of my first name and my full last name. My new "mystery friend" is greek, and her initials (first and last) are different from mine.

I just noticed that I received an e-mail confirmation about check-in for this flight two days ago (when the check-in window for the flight first opened).

Very strange.
You could/should contact the new "mystery friend" directly and try to find out why she filled your e-mail address for her BP to be sent to you. That may help find out what happened. By the way, what do you mean exactly with her initials (first and last) are different from yours? An "initial" can never be... last!
KLouis is offline  
Old Nov 14, 17, 8:07 pm
  #23  
 
Join Date: Aug 2014
Programs: Top Tier with all 3 alliances
Posts: 4,237
Let's hope A3 doesn't lock the OP's account in trying to figure this out, as in no good deed goes unpunished...

It is obviously some kind of IT glitch. I had that happen to me once before, don't remember the airline, I think I called and they were like "don't worry about it, it is a temporary glitch."
nk15 is offline  
Old Nov 14, 17, 10:56 pm
  #24  
 
Join Date: Jan 2004
Location: Heraklion, Greece
Posts: 6,778
The way I interpret OP's correspondence with A3's CS is that they claim his email address was indicated as where the BP should be sent to. OP says that his and "her" (the "mystery friend") address were very different, thus no typo was possible (first and last -?- initials different). Some questions that are still open are:

- How different were the two email addresses.
- Does the "mystery friend" know OP?
- How did OP find out the "mystery friend"'s enmail address? The BP does NOT contain any email addresses!

...and possibly a few more. With the last name and the Booking reference there is no problem accessing the reservation, both at the CI time and (even worse) changing it completely!
KLouis is offline  
Old Nov 15, 17, 2:05 am
  #25  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: Netherlands
Programs: Platinum: KL Gold: A3 Silver: AZ, BA
Posts: 24,647
Originally Posted by Argyris View Post
I don't see how sarcasm can advance this discussion.
I assure you I was not, and am not, being sarcastic.

I had to ask twice if the OP could be sure that the ticket was not booked using his/her (hacked) account, to be told that (s)he was as sure as on the previous day - though no answer had been given on the previous day.

If the OP doesn't respond to simple, relevant questions, are we not allowed to try obtaining the information a second time? Isn't the idea of posting the thread such that the "problem" can be solved?

We can't be sure of anything that we haven't been explicitly told. The OP's later post indictes that they were already in possession of further relevant information of which they were not aware. If a relevant email was not spotted, how can we know that other relevant information has similarly not been spotted by the OP?

I'm not sure why you interpreted a simple question asked to try and eliminate one possible avenue (and a dangerous and increasingly common one, at that) as being "sarcastic".
irishguy28 is online now  
Old Nov 15, 17, 9:49 am
  #26  
:D!
Hilton Contributor BadgeIHG Contributor Badge
 
Join Date: Sep 2012
Location: Aberdeen, Bella Vista and Croydon
Programs: BA Spire, Hilton *G, A3 Diamond, IHG Silver
Posts: 4,676
Originally Posted by KLouis View Post
The way I interpret OP's correspondence with A3's CS is that they claim his email address was indicated as where the BP should be sent to. OP says that his and "her" (the "mystery friend") address were very different, thus no typo was possible (first and last -?- initials different). Some questions that are still open are:

- How different were the two email addresses.
- Does the "mystery friend" know OP?
- How did OP find out the "mystery friend"'s enmail address? The BP does NOT contain any email addresses!

...and possibly a few more. With the last name and the Booking reference there is no problem accessing the reservation, both at the CI time and (even worse) changing it completely!
I don't think ObserverA3 knows the mystery person's actual email address, because for this particular flight mystery person's email address is ObserverA3's email address. So there is no way to contact the mystery person.

Regarding your other point, I'm sure the OP just means the intials of first and last names are different, i.e. the first letter of the mystery person's given name and the first letter of their surname.

And since the other person has a completely different name, the OP was wondering how they managed to input the wrong email. The OP also says that the M&B numbers are completely different so it probably isn't that either.
ObserverA3 likes this.
:D! is online now  
Old Nov 15, 17, 9:55 am
  #27  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
Originally Posted by :D! View Post
I don't think ObserverA3 knows the mystery person's actual email address, because for this particular flight mystery person's email address is ObserverA3's email address. So there is no way to contact the mystery person.

Regarding your other point, I'm sure the OP just means the intials of first and last names are different, i.e. the first letter of the mystery person's given name and the first letter of their surname.

And since the other person has a completely different name, the OP was wondering how they managed to input the wrong email. The OP also says that the M&B numbers are completely different so it probably isn't that either.
Thank you.
ObserverA3 is offline  
Old Nov 15, 17, 10:14 am
  #28  
 
Join Date: Jun 2006
Posts: 4,805
Soon the EU data protection rules are being tightened. Hefty fines for non compliance. Whatever the cause they and other companies will need to bring in changes.
DELLAS is offline  

Thread Tools
Search this Thread
Search Engine: