On March 27 evening, software engineer Nandan Kumar landed in Bengaluru and made his way home. But upon reaching home, his wife pointed out that he got the wrong bag. "My bag got exchanged with another passenger. An honest mistake from both our ends. As the bags [are] exactly the same with some minor differences," Kumar said. So, Kumar did what anyone in his situation would do and reached out to Indigo to help him connect with his co-passenger and get his bag back. But after waiting and failing to get the help he needed, Kumar took matters into his own hands. That's when he stumbled upon a data leak on Indigo's website that allowed him to contact his co-passenger. Indigo defended itself by saying that it was not a data leak and Kumar was able to find the mobile number of the co-passenger due to a "norm practised across all airline systems globally." But does a practice become right just because it is a common practice? How did Kumar retrieve the contact details of his co-passenger? Kumar shared his full story on Twitter (which is an entertaining read), but to cut to the chase, he was able to obtain the contact details of the passenger who had his bag by using the PNR and last name he found on the bag with him. But it wasn't as simple as it sounds because Kumar wasn't able to use the "Edit Booking" page on Indigo's site to access the passenger's details. "Some people say, the…
