I suspect this is some shady "Buy discount airfares here via email/whatsapp/Telegram" operation in these markets like Nigeria and Bangladesh (some of the originating itineraries we've seen, where people are more desperate and less aware of such shady operators). They sell a ticket at a significant discount, hack an account, book it on their "customer's" name, issue it to them, they can check on the airline website that they have a genuine booking, and then 2+ days later when QR cancels it the shady travel agent has disappeared and is no longer contactable and the "customer" is SOL and a few $1000 out of pocket. That's kind of how I explained it to myself what's going down here... Otherwise (a) you wouldn't book anything for yourself if you're the perpetrator, and (b) you'd redeem the points for gift cards or the like.I suspect they're not the true culprit and there is quite the operation going on, and possibly some laundry being done...
But in my mind to do this (the travel agent operation), you need a list/database of account details that you bought on the dark web somewhere, and then you go to work one by one. But what do I know...