Yeah, I’m pretty confident they’ve not compromised my email account (which is only a crappy Hotmail one, just one I’ve always used). Looks like it was just Expedia, I can’t honestly remember if that had a unique password, my email, online banks etc all do, so don’t think anything hugely nefarious is out there that wasn’t before at least. The guy’s name was in my Expedia account as a linked passenger, presumably paid for using a stolen card (not mine), they just piggy back on a legit account to make it harder to trace back to them. Bit weird, it’s a flight, you’ll need ID. As you say, I did have some personal details in Expedia, so will keep an eye on all that. I don’t think that seems to have been the aim though.
I was reading up last night – apparently it’s a common tactic to stop you noticing fraudulent transactions – sure enough when I searched I had the booking confirmation from Expedia among the 19700(!) emails I’d received this morning, but would have had no clue otherwise. They seem to have subsided now, I guess they just do an initial barrage, then stop. Have had 20 in the last hour, compared to >100 a minute last night.
They’re all in my junk email, so will filter through in the next couple of days. All very odd.