Qantas App issues?

This is very concerning, especially if you had an international bookings, as I could view the APIS information of others including Passport Number and DOB.
The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...(i.e. not giving an exhaustive list of shared information)", then saying "No further personal information.. was shared".

Note: Post edited for clarity
 
Last edited:
EXCLUSIVE OFFER - Offer expires: 20 Jan 2025

- Earn up to 200,000 bonus Velocity Points*
- Enjoy unlimited complimentary access to Priority Pass lounges worldwide
- Earn up to 3 Citi reward Points per dollar uncapped

*Terms And Conditions Apply

AFF Supporters can remove this and all advertisements

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...", then saying "No further personal information.. was shared".
Indeed. They didn't share those details, but they were easily accessed. So they can argue they didn't say anything misleading.
 
The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...", then saying "No further personal information.. was shared".
Bollocks. Gracie was born in 1984 and is flying by herself according to her APIS intel
 
The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...", then saying "No further personal information.. was shared".
This response is definitely not accurate! Phone number, email address were accessible for domestic bookings and APIS was accessible for those that entered it for international bookings.
 
Last edited:
Very carefully crafted.

Ii'm still me, WP, iPhone with surname towards end of alphabet (for the sake of looking for commonalities). App checked for updates, finished no prob.
I'm WP, Android, with 2FA, Surname "B" so quite different to your situation, yet I'm me, and continue to be only me.

Other considerations?:
- anniversary re-starting today 1st May
- Flight upcoming (but @smckay says in this post that this may not apply)


I know for instance B2BPay transfers are always made on the first day of the month, I wonder what else they do every 1st of the month?
 
WP, iOS, surname M and flights booked for May 3 and beyond. No 2FA I think.
Logged out and in and still happened. Seems to have stabilised since about 2pm
 
I was wondering if OS and/or app version contributed. Droid for me with 4.8.1 and all I got was me despite constabtly swiping left trying to find a Gracie..
 
It would be ironic if we found out all the names everyone was seeing were just "test" names used by the QF Development team
 
Boring, nothing on my app (Android 14, app v 4.7.0.562). You apple biters have all the fun this morning. I'm off now to buy a can of pear cider to counter this situation.

More seriously, hopefully a few of you grabbed some evidence that you were able to see other people's identifiable data. That is the most concerning aspect in this fault.
 
Their desktop IT isn't doing any better - I reached Points Club about four weeks ago, anniversary is today - Points Club - Gone Already! Well that was fun while it lasted!!
1714539318713.png
 
The Qantas spokesperson implies that it's not possible to see a passport number and DOB:

“The issue was isolated to the Qantas app with some frequent flyers able to see the travel information of other customers, including name, upcoming flight details, points balance and status. No further personal or financial information was shared and customers would not have been able to transfer or use the Qantas Points of other frequent flyers. We’re not aware of any customers travelling with incorrect boarding passes.”

However, perhaps they're just using a very carefully crafted phrase by saying "travel information... Including...(i.e. not giving an exhaustive list of shared information)", then saying "No further personal information.. was shared".

Note: Post edited for clarity
Actually unlike BA, QF does NOT mask the passport information (ENTER APIS) tab in the "manage booking" - therefore this is actually a far bigger problem which is on par with the Optus beach...with all this data (mobile/emails/DOB etc) this is a data goldmine for someone with malicious intent...can teleport numbers, open accounts - your ID is essentially severely compromised...QF's last press release has downplayed the situation big time...
 
Well, given the Optus data breach saga is still going on in terms of resolution, I don't expect any quick resolutions here on a financial reparations or fines.

But we can play the game of how many apolo points / SC will they give out this time first.

Same as the last year one?
 
This response is definitely not accurate! Phone number, email address were accessible for domestic bookings and APIS was accessible for those that entered it for international bookings.
Agreed. There are potentially huge legal and commercial implications from this data security breach which I’m sure will be rightfully scrutinised and addressed in public. But I doubt it will hit Minister King’s desk lest it jeopardise her Chairman’s Lounge access.

You’re not suggesting that our National Carrier would try to downplay the severity of this issue by deception and concealment, are you? Surely they would put the customer’s interest first, right? They keep telling us that.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top