One thing that has been done is to create new loyalty program accounts for PNRs accessed by passenger name and record locators (which can be swiped or even guessed by brute force attacks) and then manage to enter in the program account number of the account controlled by the "hacker" in order to collect the miles/points and then somehow get a liquidity event out of them.

Cancelling flights and using the eticket and its residual value may also be possible in some cases.