I think the fallout is still being realised. Many social media posts such as this going around. People’s flights canceled, points missing, locked out of accounts, etc. I was contacted by ABC yesterday to do a story on the APIS data being breached, I politely declined.
100% agree with this. If I was running a P1 postmortem (translation for non-nerds: examination of the events after an issue that causes a system wide degradation/fallover/or revenue impacting event), I'd be looking for at least a 72 hour window just to do the base investigation work.
Do Qantas actually have *any* software engineering / devsecops based in Australia?!
Anyone who believes their "sensitive travel information" was compromised been contacted?
Perhaps the early AFF posters who could see other pax BP's and personal data, could let QF IT Department know?
Issue is we will never know until something occurs. This does not necessarily mean related to your QF account. It could rear itself later on depending on how much info was leaked/on the booking for example. For example had some random person's booking showed up on your app. It would be trivial to look at the booking.
Breaking: Qantas released new award redemption type: awards for someone else. “We’ve listened to our customers who have struggled to find classic award availability to Europe, North America and other key international destinations. We thought opening up extra availability via Classic+ awards would do the trick but market research has found continued disappointment of our customers. So we thought, why not turn the award redemptions game on its head? Instead of collecting points to redeem flights why not randomly assign you a new frequent flyer account until you find the availability you want? We call this program Classic Identity Theft awards and will become the new award instrument moving forward” a beleaguered Vanessa Hudson said (whose namesake is on the tail of every Qantas plane)
Interesting that this is the 2nd time the exact problem has happened in recent times, hard to have confidence it won't happen again since they clearly didn't stop it from happening the second time. Same failed controls after an update.
Although this time appears to have been limited to iPhone which is good for us Android users.
Seems like they failed to learn from their mistake. One wonders whether the Information Privacy Commissioner will hit them with a fine given they haven’t learned? I also wonder too whether Qantas will be held to account elsewhere. Certainly this breach may be seen as a violation of the GDPR, PIPEDA and other such privacy legislation. Supposing Qantas has members in those jurisdictions one wonders whether a complaint could be raised with the Information Commissioners in those respective countries?
Agree, QF may be able to claim it wasn't an "incident" because in their eyes it did not compromise their business (in a hacker's eyes, their business definitely had points where it was compromised)...... but the focus in their wording "there is no evidence of a cyber....." was clearly to draw the reader to conclude this was not "cyber" related (as there was no "evidence").....and correspondingly their average customer would also read this as not security related..... when it was both cyber related and security related.
If QF's intent was to highlight that this was only an "event" and not an "incident"...... then in terms of this breach of my data, QF are not treating it as significantly as they should (if QF are just trivialising this as an event and not an incident)...... and maybe that is why they stopped any further investigation into how this happened...... and why it could happen again......
"On Wednesday, Qantas confirmed that the issue was isolated to the Qantas App, and customers were unable to access personal or financial information, and would have not been able to board flights with the incorrect boarding passes."
This statement should be corrected to align with the reality! The article has the email address of the reporter. If anyone here happened to take screen captures of the identifiable data (APIS) of strangers that the app pushed through, what if you masked the key data points out and quietly sent the images to the reporter for them to deepen the story and bring it up to date?
Except that now I'm unsure if my data has been floating somewhere. I use the Android app but did view my next trip on it. If the trip data was left in the cache, was it served also to someone else during the day? Were they able to view my ID data from it?
I’m surprised how this can happen. Imagine if you ‘accidentally’ leaked someone else’s banking details, including the balance and capability to transfer..
I would expect you’d still be able to check in but “Collect BP” at airport message. Then to be greeted by “SSSS” on said BP and the sound of snapping rubber gloves for the rest of the trip.
Oversold, delays and cancellations could be other reasons. Or it is just the app misbehaving…