Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

A Delta Airlines Security Flaw Lets You Check In To Flights As Other People

You can even switch seats.

Posted on December 16, 2014, at 11:12 a.m. ET

If you plan to fly Delta this holiday season, you may want to double check your boarding pass.

As one of my BuzzFeed colleagues recently discovered, a security vulnerability on Delta Airlines' website allows anyone with a valid boarding pass to access the boarding pass of another traveler, simply by switching the numbers in the URL.

To prove it, my colleague sent me the URL of an old Delta boarding pass, which looks like this:

After tweaking one number in the URL, I refreshed the page and found a new boarding pass — with the passenger's full information, including his frequent flyer number.

While playing around and testing different URLs, my colleague was able to find tickets for different airlines, like this Southwest boarding pass:

Because the boarding passes include the passenger's full name and confirmation number, anyone could ostensibly log in via the airline's website using this information and change seats or potentially even change the flight. Just as troubling, the boarding passes don't seem to be protected by any levels of security. My colleague was able to successfully send me her current boarding pass URL and I was never prompted to enter any information to access the page.

Concerned by this significant security failure, my colleague tried to contact Delta Airlines to inquire about the flaw. The airline responded but didn't address the flaw, or any plans to fix it.

BuzzFeed has also reached out to Delta Airlines about the flaw and will update with any forthcoming comment.

A spokesman for Delta, Paul Skrbec, sent an official statement to BuzzFeed News:

“Security is a top priority for Delta, and we employ multiple levels of it throughout the travel process. After a possible issue with our mobile boarding passes was discovered late Monday, our IT teams quickly put a solution in place this morning to prevent it from occurring.

As our overall investigation of this issue continues, there has been no impact to flight safety, and at this time we are not aware of any compromised customer accounts.

We routinely monitor and perform analysis of data to ensure privacy for our customers. We apologize for any concern this may have caused.”

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.