DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

United website breach let fliers see each others’ private data

Posted on January 28, 2015 by Dissent

I reported on the United Airlines MileagePlus incident earlier this month, but now Cory Doctorow is reporting yet another breach involving United Airlines:

My wife came back from giving a conference speech in Las Vegas in December with the weirdest story: when she fired up the United check-in mobile site, she found herself looking at someone else’s flight details, along with cellular numbers, home address, passport details, and buttons that would let her request multi-thousand-dollar upgrades for strangers. Every time she hit reload, she got someone else’s private information.

[…]

Johnston confirmed that they had experienced a bug with their app that leaked sensitive personal information to random customers. He wouldn’t when (sic) the bug started, or how many people experienced it, though he said that 20 customers reported it, and it was fixed on December 17. He would not answer these questions:

Read more on BoingBoing. From the description of this incident, it sounds unrelated to the previously reported breach.

Companies routinely screw up breach disclosure and notification. When they screw up and the breach involves a journalist with a huge following, that’s really, um, …. a bad choice?

 

Category: Business SectorExposureU.S.

Post navigation

← UK: East Midlands Ambulance Service avoid a fine for lost medical records
Thieves hit 13 Wells Fargo mortgage offices in 5 states to steal IDs →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)
  • RCMP thumb drive with informant, witness data obtained by criminals: watchdog
  • Evoke Wellness to Pay $1.9 Million to Settle FTC Claims That They Misled Consumers Seeking Substance Use Disorder Treatment
  • Former Hilliard treatment center employee accused of selling patient data on dark web
  • Trump Rewrites Cybersecurity Policy in Executive Order
  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Republicans Move A Step Closer To Repealing Protections For Abortion Clinics
  • Democrats introduce bill that aims to protect reproductive health data
  • Don’t Mind If I Do: Montana Says Hands Off Neural Data
  • 23andMe leadership grilled by lawmakers demanding answers about data security amid bankruptcy sale
  • Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit
  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.