Ryanair Shrugs Off Discovery That Others Can Edit Your Flight Booking; Says It's Your Problem

from the oh-really-now? dept

European discount airline Ryanair is somewhat famous for their near total lack of concern about customer happiness. The airline, at times, seems almost gleeful about the complaints it gets from customers. Still, it seems to go pretty far to completely shrug off a security hole that allows others to edit your bookings (found via Glyn Moody). Basically, some researchers discovered that if you know someone's email address and the date (and locations) that they're planning to fly, you can access their account and even adjust and manipulate the bookings. That's because the site apparently does not use passwords, but just those bits of information. What's really stunning is Ryanair's response:
"Your 'experts' are talking complete rubbish. If someone's lunatic ex-partner wants to access a flight booking and pay for priority boarding or extra baggage for the person they just split up from then they all have a lot more to worry about than a simple amended flight booking. It is everyone's individual responsibility to keep their personal information personal."
That's from Ryanair spokesman Daniel de Carvalho. Anyone taking bets on how long until someone changes one of de Carvalho's own flight bookings?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: booking, hacking, passwords
Companies: ryanair


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    xenomancer (profile), 3 Feb 2011 @ 8:36am

    New Horizons...

    aaaaaaand its done, now he's going to Darfur; may his attitude toward individual responsibility serve him well there.

    reply to this | link to this | view in thread ]

  2. icon
    Simon Chamberlain (profile), 3 Feb 2011 @ 9:18am

    You think Ryanair executives fly on their own airline? I sure wouldn't, if I was paid that much.

    reply to this | link to this | view in thread ]

  3. icon
    Andy (profile), 3 Feb 2011 @ 9:25am

    What an incredibly ignorant response from this guy. Obviously people should keep their personal data personal, but an email address is exactly the sort of thing people absolutely need to share. How else will anybody else be able to email them if they didn't pass that out. And knowing the dates someone is planning to travel is hardly secret personal information either. There are a host of reasons someone would get to know this.

    Ryanair are only compounding their image as a company with no concern or respect for their customers. Hardly a winning approach to doing business!

    reply to this | link to this | view in thread ]

  4. icon
    Dave W (profile), 3 Feb 2011 @ 9:34am

    I'm not at all surprised by this. Ryanair's attitude with customer complaints is to be bullish in the extreme. Just look up "michael o'leary" to see any number of quotes.

    Their rule is - when our tickets are £1 a flight - you pay what you get for so why should you be surprised if it goes wrong. Michael O'Leary said he would charge you £1 to use the toilet if he thought you could get away with it. He already charges all passengers a "wheelchair fee" because EU law says he isn't allowed to charge wheelchair users this directly.

    He's lovely. Like a case of herpes.

    I think this website can say an awful lot more than i can about ryanair = http://www.ihateryanair.org/.

    Frankly, i'm not surprised by this story but i long ago realised using Ryanair was a false economy.

    reply to this | link to this | view in thread ]

  5. icon
    Chris Rhodes (profile), 3 Feb 2011 @ 10:01am

    Re:

    Lol, that airline sounds awesome. After reading that site you posted, I wish they were in the states too; I'd totally try them out.

    reply to this | link to this | view in thread ]

  6. identicon
    TheStupidOne, 3 Feb 2011 @ 10:19am

    Re:

    Agreed ... I've flown on Ryanair and it is easily the worst airline I've ever used, but they were also the cheapest so I'll probably use them again for short flights. I might wait until they use some kind of password though ...

    reply to this | link to this | view in thread ]

  7. identicon
    Anonymous Coward, 3 Feb 2011 @ 10:29am

    That's from Ryanair spokesman Daniel de Carvalho. Anyone taking bets on how long until someone changes one of de Carvalho's own flight bookings?

    I bet he flys on the corp. jet and will never have that problem.

    reply to this | link to this | view in thread ]

  8. identicon
    Cowardly Anon, 3 Feb 2011 @ 10:34am

    Re:

    Obviously people should just make a new email for when they wish to fly suing Ryanair.....

    reply to this | link to this | view in thread ]

  9. identicon
    Anonymous Coward, 3 Feb 2011 @ 10:50am

    Thank God for bullet trains.

    reply to this | link to this | view in thread ]

  10. icon
    Miff (profile), 3 Feb 2011 @ 11:14am

    "Don't worry, customer. If someone messes up your bookings, we'll just press hacking charges against them."

    "And then I get a part of the settlement, right?"

    "Errr...."

    "Well, do I at least get refunded for the ruined tickets?"

    "Ummm....."

    reply to this | link to this | view in thread ]

  11. icon
    Eugene (profile), 3 Feb 2011 @ 11:57am

    So are these guys like those gimmick crableg restaurants that employ insult comics as waiters?

    reply to this | link to this | view in thread ]

  12. identicon
    Revelati, 3 Feb 2011 @ 12:30pm

    Well Daniel, you just said your company doesn't like passwords, obviously you aren't going to pay for decent net security, and you said all that on the internet...

    I'm pretty sure you just dared the hacker community to open a can of pwnsauce on your sh1t airline.

    reply to this | link to this | view in thread ]

  13. identicon
    Urza9814, 3 Feb 2011 @ 2:13pm

    Duh. It's Ryanair.

    I've never flown Ryanair, never heard any of the apparently vast quantity of horror stories about them...the only thing I know about them is that they offer rock bottom prices. And from that alone, this does not surprise me at all.

    This isn't a massive security hole. This would still take a fair bit of effort. And the kinds of people important enough to target with something like this are not the kinds of people who will be flying Ryanair. Yes, your crazy ex might screw with your flights...but I'm sure they could find a way to do that on any airline, this just makes it easier. What do you want for that price?

    Seriously, this is a company whose sole goal is to charge the absolute least amount possible. Which means they're going for the customers who either don't care about service or can't afford anything better. You expect them to spend the money to fix some tiny little security hole, that won't matter to 99% of their customers?

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Sponsored Promotion
Public Money, Public Code - Sign The Open Letter at publiccode.eu
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.