“Unacceptable”: SA Unhappy As FlySafair Accidentally Leaks Private Info of R12 Sale Customers
- FlySafair accidentally exposed the personal details of customers who took part in its R12 birthday ticket sale
- The leak came from a new chat feature added to the sale portal, which was taken down by 11:20
- South Africans were not impressed, with some calling for a class action lawsuit and others questioning whether the leak was truly an accident
Source: Twitter
FlySafair's much-anticipated R12 birthday ticket sale on 6 May 2026 turned into a data privacy headache. This was after the airline accidentally exposed the personal information of customers taking part. @mybroadband shared the story on X the same day, stating:
"FlySafair accidentally leaked the private information of people, including email addresses, who took part in its popular R12 a ticket sale."
According to MyBroadband, a chat bulletin board added to the sale portal this year had an API that was openly accessible. This meant that anyone who knew where to look could pull the full names, email addresses and IP addresses of people using it. The feature also showed whether a user had won a ticket.
MyBroadband notified FlySafair as soon as it became aware of the issue, and the airline's team worked to take the API down. From the time the sale opened at 9:00 am until the chat board went offline, the data was exposed for one hour and 39 minutes.
PAY ATTENTION: Briefly News is now on YouTube! Check out our interviews on Briefly TV Life now!
What FlySafair said about the data leak?
FlySafair spokesperson and chief marketing officer Kirby Gordon confirmed the chat feature was removed at 11:20 and that all API data, including email and IP addresses, had been cleared. He said the leak was something the airline would be reviewing with its technology partners as an urgent priority. He called what happened entirely unacceptable.
The chat feature was new this year. In previous sales, the portal used a live feed from X instead. Gordon said the airline wanted something more controlled and engaging, but the new feature clearly hadn't been tested thoroughly enough before going live.
See the X post here:
SA unimpressed by FlySafair R12 sale data leak
People on X had strong opinions and shared them on the X page @mybroadband:
@smabhena31 warned:
"Just the other day, I was warning people about this airline's fishing competitions. The calls you get early in the morning? These companies are exchanging and selling your information."
@Sam_Masemula joked:
"Imagine scoring a cheap ticket, only for your personal data to become part of the trip."
@BrandonLorenzo called out:
"A massive class action lawsuit for negligence against FlySafair will happen. FlySafair has a responsibility according to the POPI Act."
@Lunghi_Baloyi noted:
"Looks like what we're getting cheaper, we're paying for with our information."
@onlinebaas suggested:
"Or they sold it themselves for extra cash and reported it as a hack."
Source: Twitter
More on SA airlines and airports making headlines
- Briefly News reported on a FlySafair employee who made a surprising confession about his career that had South Africans debating whether it was even possible.
- A major private equity deal involving FlySafair was announced, with the airline set to change hands.
- A ground staff member at Cape Town International Airport caused a scene that had passengers and onlookers questioning how the airline runs things on the ground.
PAY ATTENTION: Follow Briefly News on Twitter and never miss the hottest topics! Find us at @brieflyza!
Proofreading by Kelly Lippke, copy editor at Briefly.co.za.
Source: Briefly News
