Originally Posted by Duckle

For a bit more clarification it was a big multi city booking made on BA with 5 flights operated by AA. Having access to AA system would give them access from there to the BA reference and I know for a fact that within the OW alliance some reservations could be put into other airlines systems. For example I believe you can access a BA booking on Sri Lankan with a BA reference number. Sri Lankan allows access to passport data and everything else with no further verification. Once there they literally have everything. Even just on AA site you have enough info to call up and get thru security and modify/cancel flights as you wish with all charges billed to card on file.

So I believe it is fairly serious if a professional/bot did see the info
Why Twitter? I was asking a "in theory" question. I was asking whether something would work, not for them to do it. So felt no need for a DM as it was a standard question. When I asked them what booking they were talking about I was expecting the answer to be the date, the flight destination or perhaps a DM, not something confidential