Privacy on AA.com ?

 
Old Jul 13, 11, 12:18 pm
  #1  
Original Poster
 
Join Date: Jul 2011
Posts: 1
Exclamation Privacy on AA.com ?

I am concerned with the privacy on the AA.com website. Specifically, without logging in, anyone can pull my complete itinerary (and all my companions) just by knowing my name and first flight connection... so, if a coworker or friend knows I'm traveling to the V.I. through MIA, they can get my exact flight details, including all connections and arrival times.. plus the FIRST MIDDLE and LAST names of all people on my itinerary.. without any privacy controls.. just by entering my name and flight number. To me, it is definitely a privacy breach and potentially a safety issue.

Does anyone know a work around or a way to remove this?
jcotten1 is offline  
Old Jul 13, 11, 12:28 pm
  #2  
In Memoriam
 
Join Date: Jan 2000
Location: Always on vacation
Programs: aa exp - spg gold - Hyatt Diamond - HH Gold
Posts: 6,007
Welcome to FlyerTalk jcotten1.

The Rules and Guidelines you agreed to prior to being given permission to post state the following:
Post Your Thread to Just One Forum - link to this guideline
Don't post the same thread more than once. Our members read many forums, and weeding through the same message in multiple forums can be frustrating. Duplicate threads will be deleted, combined or locked.
I will be deleting your prior post on this topic and let this one go with a reminder.

~moderator

Last edited by magic111; Jul 13, 11 at 12:36 pm
magic111 is offline  
Old Jul 13, 11, 1:09 pm
  #3  
 
Join Date: Sep 2008
Location: AUS
Programs: AA PLT, Amex Plat
Posts: 4,342
I'm not seeing this behavior.

When I go to:

https://www.aa.com/reservation/findReservationAccess.do

it requires passenger name and record locator. Knowing the first flight connection was not enough.

I attempted with a first and last name minus a record locator and that does not work (returned error)

OP, where specifically are you seeing this and please provide exact steps.

Regards
scubadu is offline  
Old Jul 13, 11, 1:19 pm
  #4  
Moderator: American AAdvantage & TravelBuzz
 
Join Date: Nov 2007
Location: BOS
Programs: AA EXP, Marriott Titanium
Posts: 9,922
I was able to pull up a family member's itin without the record locator. At the left margin of the page you linked, it provides the steps:

If you do not know your Record Locator:

- Enter the Passenger First and Last Name
- Select the Carrier
- Enter the Flight Number and Departure City
- Select the Departure Date
- Click Go
JY1024 is offline  
Old Jul 13, 11, 1:44 pm
  #5  
Suspended
 
Join Date: Nov 2004
Location: London
Programs: BA GGL, AA 1MM LT GLD, SPG PLAT, National Exec Selc, Hilton Diamond, Hyatt Plat, Marriott Silver
Posts: 8,278
Originally Posted by jcotten1 View Post
I am concerned with the privacy on the AA.com website. Specifically, without logging in, anyone can pull my complete itinerary (and all my companions) just by knowing my name and first flight connection... so, if a coworker or friend knows I'm traveling to the V.I. through MIA, they can get my exact flight details, including all connections and arrival times.. plus the FIRST MIDDLE and LAST names of all people on my itinerary.. without any privacy controls.. just by entering my name and flight number. To me, it is definitely a privacy breach and potentially a safety issue.

Does anyone know a work around or a way to remove this?
May I ask why you care?
sts603 is offline  
Old Jul 13, 11, 1:52 pm
  #6  
 
Join Date: Feb 2006
Location: So Cal
Programs: AA EXP - 1.4MM
Posts: 684
Originally Posted by sts603 View Post
May I ask why you care?
+1.

They already know a lot about you OP (so your cry of 'privacy' is way over the top): first and last name, favored airline, date you're traveling and airport.

How to avoid? Don't fly.

I sure hope AA doesn't spend any IT resources 'fixing' this. Plenty of other things on the website that need their attention.
West Coast Ace is offline  
Old Jul 13, 11, 2:10 pm
  #7  
FlyerTalk Evangelist
 
Join Date: May 2001
Location: LAX; AA EXP, MM; HH Gold
Posts: 31,790
Originally Posted by jcotten1 View Post
Does anyone know a work around or a way to remove this?
Don't inform so many friends or co-workers of your travel plans? Limit the dissemination of such info to those with a need-to-know? Perhaps only to those individuals you trust?

I agree with others - I don't see the privacy or "safety" issue here.
FWAAA is offline  
Old Jul 13, 11, 2:20 pm
  #8  
 
Join Date: Jun 2011
Location: BOS
Programs: AA EXP
Posts: 7,711
Originally Posted by West Coast Ace View Post
They already know a lot about you OP (so your cry of 'privacy' is way over the top): first and last name, favored airline, date you're traveling and airport.
Originally Posted by FWAAA View Post
Don't inform so many friends or co-workers of your travel plans? Limit the dissemination of such info to those with a need-to-know? Perhaps only to those individuals you trust?

I agree with others - I don't see the privacy or "safety" issue here.
Perhaps the concern is about a cyberstalker or ex willing to try multiple combinations to see who you currently choose to vacation with.
Ambraciot is offline  
Old Jul 13, 11, 2:55 pm
  #9  
 
Join Date: Feb 2011
Location: Texas
Programs: AAdvantage PLT 2.1MM -- Starwood Preferred Guest GLD -- Hilton HHonors GLD
Posts: 23
Originally Posted by Ambraciot View Post
Perhaps the concern is about a cyberstalker or ex willing to try multiple combinations to see who you currently choose to vacation with.
If this was the case and the cyberstalker or ex is smart enough to know the trip date and destination, they probably have access through the same means they used to find out previous info (friends, family, etc) to find out everything without going to the trouble on aa.com.

I see no privacy issues whatsoever.
r44matt is offline  
Old Jul 13, 11, 4:59 pm
  #10  
 
Join Date: Apr 2001
Location: DFW
Programs: AA EP 3MM, UA Silver, Bonvoy Ambassador, Hyatt Gobalist, HH Silver, Caesars PLT
Posts: 7,031
When not logged in as the traveller, I've never had success getting itineraries to show up without a PNR.
aamilesslave is offline  
Old Jul 13, 11, 7:05 pm
  #11  
 
Join Date: Sep 2008
Location: AUS
Programs: AA PLT, Amex Plat
Posts: 4,342
Originally Posted by JY1024 View Post
I was able to pull up a family member's itin without the record locator. At the left margin of the page you linked, it provides the steps:
Ah, interesting. If I go to the link in my post without logging into my AAdvantage account, I do not see the options you outlined below. When I'm not logged in the language is only:

"If you do not know your Record Locator:

* Login to view a list of your reservations
* Contact AA Reservations"

but when I login to my AAdvantage account, I see the language you reference.

But like others, I'm kinda meh. Probably poor privacy best practices, but I'm too lazy to expend much emotional energy on this one...

Regards
scubadu is offline  
Old Jul 13, 11, 10:06 pm
  #12  
Suspended
 
Join Date: Dec 2005
Posts: 9,916
Originally Posted by r44matt View Post

I see no privacy issues whatsoever.
I believe if you called AA Res and gave a flight number and last name (without having used your frequent flier number to access AA res) they would ask you an ID question before continuing. For example, "Can you tell me the billing address of the credit card for this reservation," etc.

I know for a fact if I call AA res (identified by my FF number) and ask to confirm if Joe Smith is flying on Flight X they will not do it, unless something changed.

Therefore, OP's point is there is a lower level of security on their website.
elitetraveler is offline  
Old Jul 14, 11, 12:07 am
  #13  
 
Join Date: May 2004
Location: San Francisco, CA
Programs: AA EXP 1MM, UA 1K, Marriott/SPG Platinum Elite
Posts: 774
I agree with the OP. I think it's very bad privacy practice to allow people to look up your flights, itinerary, companions, fare, etc. with only a last name and a flight number (and/or other minimal information).
mmjaysee is offline  
Old Jul 14, 11, 3:58 am
  #14  
 
Join Date: Jun 2004
Location: SFO
Programs: AA PLT; UA Gold
Posts: 5,378
AFAIK this is not less security than if you call on the phone.
justageek is offline  
Old Jul 14, 11, 4:50 am
  #15  
 
Join Date: Mar 2006
Location: Hotlanta.
Programs: I've gone underground!
Posts: 3,432
As long as my cyberstalker is hot and is willing to sit in the middle seat on a slAAveship...
emma dog is offline  

Thread Tools
Search this Thread
Search Engine: