Originally Posted by Lux Flyer

If this was a thing professional fraudsters wanted to do, they would be camping out in baggage claims, collecting PNRs/last names from the bag tags, as was mentioned above. They would get a million times better return on their time investment to steal identities than waiting for the rare situation in which a PNR/last name combination to be inadvertently posted on Twitter/social media.

I (personally) think you're blowing this out of proportion for what it was, but if you're truly as concerned about your privacy online that you're making it out to be from AA disclosing the record locator, I'd recommend removing your last name from your twitter profile/whereever else you are using it online as it would 1) have prevented this from being an issue in the first place and 2) with your name and the amount of public records available online someone dedicated enough could easily almost all of of the information that would be exposed from the PNR anyways.

Also since it looks like you just joined - welcome. And you probably hit the post limit for a new account so it will probably be a day before we can discuss further.