Originally Posted by
Gardyloo
It could well be that they changed everything online, including my contact email address, before booking the tickets, which was all done the day before yesterday.
Believe me, I'm going to do everything I can to protect my accounts, but I'm still puzzled how they got my AA number and password for the old account, in order to change the contact info. Unfortunately, I guess I'll have to wait until Monday to talk to anybody about this. Has there been any mention of cybersecurity glitches during the AA/US melding?
Glad you're on top of it. Was your password one that's associated with a lot of different stuff of yours (other accounts, etc) and over a very long term?
In any case, those are highy unusual awards for a hack then sell, definitely not the kind of routes one usually sees on those. Great that you caught it when you did.