According to the researchers, the issue stems from the use of unencrypted check-in links sent to passengers via email. When a person clicks on the link, they are directed to a site to check in for their flight, make changes or print their boarding pass. Because the links are unencrypted, Wandera warns that a malicious actor connected to the same Wi-Fi network could intercept the link request and gain access to the person's check-in page.
Once a hacker has access to the page, they could view a significant amount of personal information, from names and addresses to Passport and ID numbers. They could also access specific details about the flight including booking references, flight times and numbers and seat assignments.
Because of how the vulnerability is exploited, it's unlikely that any sort of widespread attack could be launched against travelers. It would have to be a focused effort directed at individuals. However, it does open up the possibility of a hacker making someone's life miserable by changing their travel plans. Travelers can primarily avoid such an attack by making sure to only visit check-in links on a secure network.