Chinese Hacker Pockets Cool $170,000 After Hacking Airline Website

Chinese hacker defrauds hundreds of passengers by cancelling the flights and sending them re-booking offers

A 19-year-old man in Dalian, China has been arrested by the police after he was caught hacking into an airline’s website, stealing booking information from 1.6 million ticket orders, and ripping off hundreds of travelers. Using the information, the teen went on to make hundreds of fraudulent transactions that pocketed him 1.1 million Yuan ($170,000 / €156,000).

The teenager, identified as Zhang from Heilongjiang, north-east China hacked the website of a yet unnamed Chinese airline company by exploiting vulnerabilities in its B2B system. He illegally downloaded 1.6 million passengers booking details such as names, flight details, ID card numbers, email addresses, and mobile phone numbers.

He also used his access to the website to cancel some current bookings, and later, using the stolen information, he sent out groups texts, telling them that the “the plane is out of order and the flight is cancelled”. They needed to pay extra fees if they wanted to rebook. This is how the hacker made his money, by offering a re-booking link that pocketed him re-booking fees.

It took the airline three weeks to notice the data breach. The airline lost more than 80,000 yuan ($12,365 USD) from people demanding a refund.

The hack lasted from July 31 to August 20, and by August 22, the airline announced the breach after several fraud complaints from customers, and also on the same day alerted Guangzhou police.

“The suspect coded the hacking software himself,” a police officer said.

According to People’s Daily Online, authorities eventually tracked down Zhang and arrested him in Dalian, a city in North China, on November 11. A police officer said the hack was a result of a loophole in the airline’s computer system and was not highly sophisticated.