Qantas App issues?

[knightfall88]

What would be the process to follow if someone had a random cancel their booking?

class action

 

[half-hour]

This is very concerning, especially if you had an international bookings, as I could view the APIS information of others including Passport Number and DOB.

The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...(i.e. not giving an exhaustive list of shared information)", then saying "No further personal information.. was shared".

Note: Post edited for clarity

 

[RooFlyer]

However, perhaps they're just using a very carefully crafted phrase

Very carefully crafted.

Ii'm still me, WP, iPhone with surname towards end of alphabet (for the sake of looking for commonalities). App checked for updates, finished no prob.

 

[SeatBackForward]

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...", then saying "No further personal information.. was shared".

Indeed. They didn't share those details, but they were easily accessed. So they can argue they didn't say anything misleading.

 

[smckay]

The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...", then saying "No further personal information.. was shared".

Bollocks. Gracie was born in 1984 and is flying by herself according to her APIS intel

 

[Point Ventures]

The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...", then saying "No further personal information.. was shared".

This response is definitely not accurate! Phone number, email address were accessible for domestic bookings and APIS was accessible for those that entered it for international bookings.

 

[SeatBackForward]

Very carefully crafted.

Ii'm still me, WP, iPhone with surname towards end of alphabet (for the sake of looking for commonalities). App checked for updates, finished no prob.

I'm WP, Android, with 2FA, Surname "B" so quite different to your situation, yet I'm me, and continue to be only me.

Other considerations?:
- anniversary re-starting today 1st May
- Flight upcoming (but @smckay says in this post that this may not apply)


I know for instance B2BPay transfers are always made on the first day of the month, I wonder what else they do every 1st of the month?

 

[smckay]

WP, iOS, surname M and flights booked for May 3 and beyond. No 2FA I think.
Logged out and in and still happened. Seems to have stabilised since about 2pm

 

[knightfall88]

seems to be fixed now

 

[RichardMEL]

I was wondering if OS and/or app version contributed. Droid for me with 4.8.1 and all I got was me despite constabtly swiping left trying to find a Gracie..

 

[airlinemn]

1,000 points as an apology incoming.

 

[levelnine]

1,000 points as an apology incoming.

I'm going to need 10K. Traumatised for life by seeing some of these low points balances.

 

[SeatBackForward]

It would be ironic if we found out all the names everyone was seeing were just "test" names used by the QF Development team

 

[tdimdad]

Boring, nothing on my app (Android 14, app v 4.7.0.562). You apple biters have all the fun this morning. I'm off now to buy a can of pear cider to counter this situation.

More seriously, hopefully a few of you grabbed some evidence that you were able to see other people's identifiable data. That is the most concerning aspect in this fault.

 

[RSD]

Their desktop IT isn't doing any better - I reached Points Club about four weeks ago, anniversary is today - Points Club - Gone Already! Well that was fun while it lasted!!

 

[747800intercon]

The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...(i.e. not giving an exhaustive list of shared information)", then saying "No further personal information.. was shared".

Note: Post edited for clarity

Actually unlike BA, QF does NOT mask the passport information (ENTER APIS) tab in the "manage booking" - therefore this is actually a far bigger problem which is on par with the Optus beach...with all this data (mobile/emails/DOB etc) this is a data goldmine for someone with malicious intent...can teleport numbers, open accounts - your ID is essentially severely compromised...QF's last press release has downplayed the situation big time...

 

[RSD]

Just think - some bugger might pinch one of my Blackall to Longreach DSC bankers!

 

[elanshin]

Well, given the Optus data breach saga is still going on in terms of resolution, I don't expect any quick resolutions here on a financial reparations or fines.

But we can play the game of how many apolo points / SC will they give out this time first.

Same as the last year one?

 

[Gold Member]

This response is definitely not accurate! Phone number, email address were accessible for domestic bookings and APIS was accessible for those that entered it for international bookings.

Agreed. There are potentially huge legal and commercial implications from this data security breach which I’m sure will be rightfully scrutinised and addressed in public. But I doubt it will hit Minister King’s desk lest it jeopardise her Chairman’s Lounge access.

You’re not suggesting that our National Carrier would try to downplay the severity of this issue by deception and concealment, are you? Surely they would put the customer’s interest first, right? They keep telling us that.

 

[RichardMEL]

I do worry for even those of us not seeing anything unusual, that there is nothing to say others out there aren't potentially getting ours. The scope is brrathtaking and absolutely horrendous.