Originally Posted by
SeeBuyFly
Having AAdvantage numbers compromised would imply that they are confidential and that a breach might result in fraud. However, I have not noticed my number being treated by AA like a credit card number. Last I noticed, it was printed on my boarding passes; it is certainly included in e-mails from AAdvantage. So what might changing the number now (which they have not done, yet, in my case) achieve that could not be achieved by changing the password?
The AAdvantage number itself is not the issue here. But access of the account, which should include a password, that is of concern. Granted one would think just forcing a change to the password would solve the problem. There may be other reasons for such a drastic approach and we will probably never know since it might expose a serious vulnerability they don't want others to know. Maybe there is a way to pull miles from an account without the password.