An unauthorized third party may have been able to access about 10,000 AAdvantages accounts, but American Airlines has only identified two specific instances where miles were used without the customer's authorization, Martha Thomas, an American Airlines spokesperson, told in Tuesday email correspondence.

The accounts were accessed using credentials obtained elsewhere, Thomas said, adding the accounts were locked as soon as activity was detected, and American Airlines will restore miles to affected accounts.

All impacted customers are being notified and offered a free year of credit monitoring services, even though accounts do not contain Social Security numbers and full payment card information, Thomas said.

Last week, a United spokesperson told that an unauthorized party was able to make mileage transactions on fewer than three dozen MileagePlus accounts beginning in early December 2014 using credentials obtained from a third-party source.