Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Aegean Airlines | Miles&Bonus
Reload this Page >

Severe data protection issue - I can see and modify a stranger's flight on my A3 app

Severe data protection issue - I can see and modify a stranger's flight on my A3 app

Old Nov 13, 17, 3:11 am
  #1  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
Severe data protection issue - I can see and modify a stranger's flight on my A3 app

Have you guys ever experienced something like this? I have full flight details for flight OA332 about to be taken tomorrow by Ms. M. P. (I obviously have the full name), Seat 4C. I can access check-in and could move her around the plane if I were so inclined.

Very strange. M.P.'s A3 number (she's gold) has no resemblance to mine or to any of my household members.

Do you think I should alert A3?
ObserverA3 is offline  
Old Nov 13, 17, 3:16 am
  #2  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: Netherlands
Programs: Platinum: KL Gold: A3 Silver: AZ, BA
Posts: 24,491
Originally Posted by ObserverA3 View Post
Do you think I should alert A3?
Yes, and for a start you should explain how you came to be in possession of somebody else's booking details.
irishguy28 is offline  
Old Nov 13, 17, 3:23 am
  #3  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
Originally Posted by irishguy28 View Post
Yes, and for a start you should explain how you came to be in possession of somebody else's booking details.
By opening my A3 app - that's the whole point. Do you think I'm trolling?
ObserverA3 is offline  
Old Nov 13, 17, 3:35 am
  #4  
 
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Gold, A3 Gold
Posts: 5,024
Anything in common with you? Same name or email address perhaps? (Typo can easily be made).
There must be something in the booking that connects it to you, I would think. If you open that booking on the website, do any of the details match yours?

I would definitely give them a call. My guess is that somebody made a typo in the FF number field -maybe it has since be corrected, but perhaps it is now linked to you..
Xandrios is offline  
Old Nov 13, 17, 3:42 am
  #5  
Senior Mod and Moderator: Aegean Miles&Bonus and British Airways
 
Join Date: Jan 2009
Location: Norwich, UK
Programs: A3*G, BA Gold, BD Gold (in memoriam), IHG Spire
Posts: 6,195
How much other personal information you can see and access will determine how serious a breach this is. Yes, you should absolutely advise A3 and if you're not satisfied with their response you might also want to raise it with the Hellenic Data Protection Authority.
NWIFlyer is offline  
Old Nov 13, 17, 3:45 am
  #6  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: Netherlands
Programs: Platinum: KL Gold: A3 Silver: AZ, BA
Posts: 24,491
Originally Posted by ObserverA3 View Post
By opening my A3 app - that's the whole point. Do you think I'm trolling?
Are you logged into the app?
irishguy28 is offline  
Old Nov 13, 17, 3:52 am
  #7  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
Originally Posted by irishguy28 View Post
Are you logged into the app?
Yes - never logged out since I installed it. I can see her flight nicely along with my own information.
ObserverA3 is offline  
Old Nov 13, 17, 4:01 am
  #8  
 
Join Date: Nov 2016
Programs: A3*G
Posts: 42
A friend of mine had a similar experience to the one raised by OP.

He tried to check-in a business flight for his gf.
He checked-in but there wasn't a seat available (!!) and the booking was marked as SBY.
Shortly, after he called Aegean help desk, he could access and modify (seat, check-in) of another passenger for the very same flight (in addition to his gf).

If I recall correctly, the other person (ofc completely unknown to him) was momentarily on the same booking.
Argyris is offline  
Old Nov 13, 17, 4:01 am
  #9  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: Netherlands
Programs: Platinum: KL Gold: A3 Silver: AZ, BA
Posts: 24,491
Are you sure the flight wasn't booked using your Aegean miles?
awayIgo likes this.
irishguy28 is offline  
Old Nov 13, 17, 4:02 am
  #10  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
Have now e-mailed customer service. Will keep you posted.
ObserverA3 is offline  
Old Nov 13, 17, 5:46 am
  #11  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
Received an initial response from A3. Excellent response time (95 minutes)!

Originally Posted by Aegean Customer Support
Dear Mr. [ObserverA3],

We are contacting you from the Customer Relations Department regarding the Aegean Application.

We would like to inform you that as soon as we received your email and screen shot we have forward it to the relevant department in order to examine it.

I personally remain at your disposal and I shall get back to you with updated advice on your case,as soon as we collect all necessary details regarding your case.

Yours Sincerely,
ObserverA3 is offline  
Old Nov 13, 17, 7:47 am
  #12  
 
Join Date: Oct 2009
Location: AMS / ATH
Programs: AFKL Gold, A3 Gold
Posts: 5,024
Good to see that they promptly act on this
Xandrios is offline  
Old Nov 13, 17, 9:19 am
  #13  
 
Join Date: Jul 2005
Location: 39000ft
Posts: 393
Originally Posted by A3 customer support
we have forward it to the relevant department in order to examine it.
!
Oh thank God! Since A3 IT department is so effective, we should be relieved.
Argyris likes this.
jerry_greece is online now  
Old Nov 14, 17, 3:20 am
  #14  
Original Poster
 
Join Date: Sep 2014
Programs: A3*G
Posts: 114
This is getting more puzzling:

Originally Posted by Aegean Customer Support
Dear Mr. (ObserverA3),

We are contacting you in order to provide an update regarding your case.

As we have been advised from the appropriate department who handles such cases you received the attached boarding pass in your e-mail, as this e-mail was used by another user at the check-in of the booking on the mobile.

The email used was : (my A3 registered email).

Unfortunately we do not know why the user has put this e-mail, as it is a field that everyone completes with any e-mail he/she prefers.

Should you encounter any similar cases , please alert us on the matter, as so as to further investigate it.

We remain at your disposal for any further communication or assistance required, while we do look forward to welcoming you on our flights in the future and serving you on board.

Kind Regards
Some data points:

My A3 email address is German (.de). I use the initial of my first name and my full last name. My new "mystery friend" is greek, and her initials (first and last) are different from mine.

I just noticed that I received an e-mail confirmation about check-in for this flight two days ago (when the check-in window for the flight first opened).

Very strange.
ObserverA3 is offline  
Old Nov 14, 17, 3:33 am
  #15  
FlyerTalk Evangelist
 
Join Date: Mar 2008
Location: Netherlands
Programs: Platinum: KL Gold: A3 Silver: AZ, BA
Posts: 24,491
Originally Posted by irishguy28 View Post
Are you sure the flight wasn't booked using your Aegean miles?
irishguy28 is offline  

Thread Tools
Search this Thread
Search Engine: