Vulnerability Management

URL flaw discovered for airline mobile boarding passes

A URL flaw has been discovered that affects Delta's mobile boarding pass.

On Tuesday, after realizing that the URL of her valid mobile boarding pass could be shared with others, Dani Grant, a BuzzFeed intern and founder of – a blog that spotlights tech industry professionals – discovered that those with access to the valid link could check in as someone else, according to her brief blog post on Medium.

However, by changing a single digit within the URL they can also access another passenger's boarding pass online, including their frequent flyer number. Further tinkering with the link allowed Grant to even access boarding passes for other airlines.

While Grant shared the issue with Delta, she received a response that did not directly address the security flaw.

UPDATE: Both Delta and Southwest airlines have addressed and fixed the security issue as of Wednesday morning, according to representatives who spoke with 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.