This seems very pointed towards me as I did have a local flight recently so have actually had a boarding pass emailed to me from the airline. How the hell do they know this?
Airline sold your data to them.
That, or a data leak.
Consider also that if they send 10.000 mails, some will happen to be perfectly aligned for pure chance.
BitDefender is likely not using leaked data, but intentionally sold data? That kind of crap happens all the time.
Unless it’s not REALLY BitDefender, which also happens all the time. :) See all the MacAfee spam…
This is why I use aliases.
Impossible to say without knowing everything about your opsec but yeah, most likely the airline just sold your info to them. Especially if it was Spirit or similar cheap airline.
If your email client doesn’t block remote images by default, like gmail and outlook, then they probably know if you’ve opened their emails at some point due to tracking pixels.
If you don’t use an ad-blocker then advertisers on every site that you visit can connect your identity to your use of that website.
