A URL flaw has been discovered that affects Delta’s mobile boarding pass.
On Tuesday, after realizing that the URL of her valid mobile boarding pass could be shared with others, Dani Grant, a BuzzFeed intern and founder of HackersofNY.com – a blog that spotlights tech industry professionals – discovered that those with access to the valid link could check in as someone else, according to her brief blog post on Medium.
However, by changing a single digit within the URL they can also access another passenger’s boarding pass online, including their frequent flyer number. Further tinkering with the link allowed Grant to even access boarding passes for other airlines.
While Grant shared the issue with Delta, she received a response that did not directly address the security flaw.
UPDATE: Both Delta and Southwest airlines have addressed and fixed the security issue as of Wednesday morning, according to representatives who spoke with Skift.com.