Originally Posted by
Duckle
For a bit more clarification it was a big multi city booking made on BA with 5 flights operated by AA. Having access to AA system would give them access from there to the BA reference and I know for a fact that within the OW alliance some reservations could be put into other airlines systems. For example I believe you can access a BA booking on Sri Lankan with a BA reference number. Sri Lankan allows access to passport data and everything else with no further verification. Once there they literally have everything. Even just on AA site you have enough info to call up and get thru security and modify/cancel flights as you wish with all charges billed to card on file.
If this was a thing professional fraudsters wanted to do, they would be camping out in baggage claims, collecting PNRs/last names from the bag tags, as was mentioned above. They would get a million times better return on their time investment to steal identities than waiting for the rare situation in which a PNR/last name combination to be inadvertently posted on Twitter/social media.
I (personally) think you're blowing this out of proportion for what it was, but if you're truly as concerned about your privacy online that you're making it out to be from AA disclosing the record locator, I'd recommend removing your last name from your twitter profile/whereever else you are using it online as it would 1) have prevented this from being an issue in the first place and 2) with your name and the amount of public records available online someone dedicated enough could easily almost all of of the information that would be exposed from the PNR anyways.
Also since it looks like you just joined - welcome. And you probably hit the post limit for a new account so it will probably be a day before we can discuss further.