Delta Airlines said Tuesday that a security vulnerability on its mobile boarding passes has been fixed without causing any “impact to flight safety.”
The boarding pass vulnerability was first found Monday by a BuzzFeed intern who also runs a site about technologists. In a post on Medium, Dani Grant detailed how she was able to access other passengers’ boarding passes simply by changing a single digit in her pass’ URL. She was also able to log in to Delta’s site as those other passengers, from which point she could’ve changed their seating assignments or accessed other details about them.
Grant was also able to access boarding passes belonging to non-Delta passengers, most likely because airlines share some technology that powers mobile boarding passes.
“After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring,” Delta spokesperson Paul Skrbec said Tuesday afternoon. Delta is still investigating the problem, but Skrbec’s statement added that Delta is “not aware of any compromised customer accounts.”
It’s unlikely that the flaw could have posed a threat to aviation safety. While Grant suggested on Twitter that it would have been possible to take advantage of the vulnerability for nefarious purposes, airport safety procedures should have prevented any security lapses.