See a blog post about a similar 2012 info-disclosure security vulnerability at ::

https://www.tinfoilsecurity.com/blog/132969897

The factual stuff is great but I have some concerns about the inferences drawn in the post (it suggested that the author didn't totally understand how airline reservation systems work, which, fair enough, not sure I do).