Privacy on AA.com ?
 

I am concerned with the privacy on the AA.com website. Specifically, without logging in, anyone can pull my complete itinerary (and all my companions) just by knowing my name and first flight connection... so, if a coworker or friend knows I'm traveling to the V.I. through MIA, they can get my exact flight details, including all connections and arrival times.. plus the FIRST MIDDLE and LAST names of all people on my itinerary.. without any privacy controls.. just by entering my name and flight number. To me, it is definitely a privacy breach and potentially a safety issue.

Does anyone know a work around or a way to remove this?

I'm not seeing this behavior.

When I go to:

https://www.aa.com/reservation/findReservationAccess.do

it requires passenger name and record locator. Knowing the first flight connection was not enough.

I attempted with a first and last name minus a record locator and that does not work (returned error)

OP, where specifically are you seeing this and please provide exact steps.

Regards

I was able to pull up a family member's itin without the record locator. At the left margin of the page you linked, it provides the steps:

May I ask why you care?

+1.

They already know a lot about you OP (so your cry of 'privacy' is way over the top): first and last name, favored airline, date you're traveling and airport.

How to avoid? Don't fly.

I sure hope AA doesn't spend any IT resources 'fixing' this. Plenty of other things on the website that need their attention.

Don't inform so many friends or co-workers of your travel plans? Limit the dissemination of such info to those with a need-to-know? Perhaps only to those individuals you trust?

I agree with others - I don't see the privacy or "safety" issue here.

Perhaps the concern is about a cyberstalker or ex willing to try multiple combinations to see who you currently choose to vacation with.

If this was the case and the cyberstalker or ex is smart enough to know the trip date and destination, they probably have access through the same means they used to find out previous info (friends, family, etc) to find out everything without going to the trouble on aa.com.

I see no privacy issues whatsoever.

When not logged in as the traveller, I've never had success getting itineraries to show up without a PNR.

Ah, interesting. If I go to the link in my post without logging into my AAdvantage account, I do not see the options you outlined below. When I'm not logged in the language is only:

"If you do not know your Record Locator:

* Login to view a list of your reservations
* Contact AA Reservations"

but when I login to my AAdvantage account, I see the language you reference.

But like others, I'm kinda meh. Probably poor privacy best practices, but I'm too lazy to expend much emotional energy on this one...

Regards

I believe if you called AA Res and gave a flight number and last name (without having used your frequent flier number to access AA res) they would ask you an ID question before continuing. For example, "Can you tell me the billing address of the credit card for this reservation," etc.

I know for a fact if I call AA res (identified by my FF number) and ask to confirm if Joe Smith is flying on Flight X they will not do it, unless something changed.

Therefore, OP's point is there is a lower level of security on their website.

I agree with the OP. I think it's very bad privacy practice to allow people to look up your flights, itinerary, companions, fare, etc. with only a last name and a flight number (and/or other minimal information).

AFAIK this is not less security than if you call on the phone.

As long as my cyberstalker is hot and is willing to sit in the middle seat on a slAAveship...