CLEVELAND - Computer problems have caused flight delays at United Airlines since the company merged its system with Continental. A Five on Your Side consumer investigation found a computer flaw that could put your personal information at risk.
We all know airport security is tight: no shoes, no belts, no jackets. However, what security precautions are being taken online where you check in for a flight and book it?
"I can't take my Mountain Dew on a plane, but I can get into someone else's reservation," Marco Urbanic said.
Urbanic is not someone who tries to hack computer systems. He's simply a businessman who needed a receipt for a recent trip.
Urbanic pulled up an old United email. In this case, it was the check-in reminder for a flight. He clicked on the link in the email, and someone else's reservation and personal information popped up on the screen.
"I have their date of birth, gender, name, and phone number," Urbanic said.
The last four digits of the individual's credit card were also on the screen along with the type of card used.
United told Five on Your Side it's not sensitive information, and nothing more than you'd find in the phone book.
While a button appeared asking Urbanic if he wanted to change the reservation, United said he wouldn't be able to change it without a credit card. Urbanic did not click on the button for fear of messing up this other man's reservation.
We showed what happened to aviation analyst Jay Ratliff. He said it's unacceptable.
"Wow, that is a computer problem with United's reservation system that should not happen," Ratliff said.
Computer problems have been ongoing at United for several months. There have been ticketing issues and flight delays.
Ratliff said he wonders what else is happening that we don't know about?
"Maybe the next time it happens more information, maybe the entire credit card number will come across. Look, I don't want anyone to have any of my personal information," Ratliff said.
So how did this happen?
United reuses its confirmation codes. Both itineraries have the same set of numbers and letters assigned to them even though the flights are only four months apart.
"That person is sitting in seat 27 A," Urbanic said as he looked at someone else's reservation.
To see this personal information, there is no verification. You don't have to enter your username or password like you would with a bank. Your information simply pops up when you click on an email link.
"This makes me nervous about booking online," Urbanic said.
After the Five on Your Side consumer investigator started asking questions, the link stopped working.
This doesn't appear to happen with all flights. I flew over the holidays and when I clicked on my old check-in reminder the link wasn't active.
We reached out to the person whose information was exposed, but haven't heard back.
Copyright 2013 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Consumer Advocate Stories
The identities of thousands of taxpayers in Akron were stolen, and security experts say other businesses may be next if they don't take steps to safeguard sensitive information.
We tested several pairs of sunglasses to see if you need to pay a lot to protect your eyes from the sun.