AOL Finally Admits They Were Hacked

pdclarry writes: "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions. Well, AOL has finally come clean. Apparently unknown individuals accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

2%?

[Anonymous Coward]

2% of their members....roughly equivalent to 42 users if my math is correct.

Re:

[mu51c10rd]

Close...2% of 100 members is only 2. I am sure both have been notified...

Re:2%?

[Anonymous Coward]

I signed up for a free @netscape.net email address circa 2001. That one still works, but it's been an AOL alias for many years now.

Didn't see it coming?

[B33rNinj4]

Wait, they employ a "Digital Prophet." Why didn't Shingy see it coming?

Re:

[Yaur]

It doesn't say 2% of current members so it could mean ~600k accounts.

Did they get at the free disc silos???

[NotDrWho]

Tell me those are still okay, PLEASE!!!

Re:

[Megane]

I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

Re:

[sjames]

Well played sir!

Re:

[Megane]

I'll say this for the AOLers... at least they would put their quotes before the reply, unlike the people using Microsoft Outlook.

>Well played sir!

>>Me too

>>>I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

>>>>Tell me those are still okay, PLEASE!!!

thegiggling666@aol.com

[WhatsAProGingrass]

Just got an email from an aol account user 20 minutes ago from "thegiggling666@aol.com." All it said was something about Scanning of class A to C IP ranges for an unlimited amount of ports and about 20 other unique features of some product. Also a youtube link that I have yet to click on.

No way

[CauseBy]

I'm having a hard time believing this story because I'm pretty sure AOL ceased to exist fifteen years ago.

Misleading

[soundguy]

These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and who's estates keep autopaying the bill. I.E., they are ZOMBIE accounts.

...and so it begins

Re:

[Gareth Iwan Fairclough]

These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and who's estates keep autopaying the bill. I.E., they are ZOMBIE accounts. ...and so it begins

No, I still use mine. It's worked fine for nearly 20 years (Holy crap, 20?!), the spam filter is actually pretty good aaaand I just can't be bothered to change every single account I've made on the internet over to a new address. Oh, that and I had the sense to not name it something unprofessional back then so it's okay to use it for any correspondence with work etc. While "S3xyBeestMutherFuka@aol.com" has a certain ring to it, I thought that my actual email address would be easier to remember.

TL;DR, Ye

Re:

[r.freeman]

Not everyone has broadband, jackass.

relax gramps

Re:

[antdude]

I know two/2 active AOLers: My old uncle and high school friend. :O

Re:

[dead_user]

My 78 year old boss's AOL account was hacked a few weeks ago. It started receiving 40-50 undeliverable returns every 4-5 hours in batches. I know it was using a strong password because I set it myself a few weeks before that. I was able to use the obvious breach as a way to finally get the AOL account turned off. Believe it or not, he was still paying 24.95 a month for AOL access. Nevermind the fact that we run our own email server and I can point an alias anywhere he wishes. I think for him it was lik

Re:

[jbmartin6]

Incorrect. AIM, at least, is widely used within the financial world.

Re:

[ShaunC]

AIM, at least, is widely used within the financial world.

Interesting. The actual AOL-produced client, or Pidgin with OTR?

Re:

[jbmartin6]

The AOL client in some cases, not all. Typically it runs through a proxy or third party service like Pivot so that all messages can be recorded, which is a regulatory requirement in the USA. The need to record everything precludes using OTR or similar mechanisms.

To be fair...

[Anonymous Coward]

the spammers tried to cancel their accounts via the phone but were just given more free months.

This was the only way.

When will Yahoo admit it?

[gander666]

Seems like 2 or 3 contacts a week with Yahoo mail accounts gets hacked every week. I really wish Yahoo would get their shit together too.

Re:

[Qzukk]

Guessing someone's password is not hacking. Especially if it's a yahoo user who probably thought it would be hilarious to use "assword" after they were told they couldn't have "password".

Re:

[Anonymous Coward]

Amazing, that's the same combination I have on my luggage!

Re:

[gander666]

I was being facetious, I do know the difference. But it has to be more than poor password discipline that causes Yahoo mail accounts to be so susceptible.

Re:

[gander666]

Yeah, great. It is just that the people I know who are Yahoo mail users aren't smart enough to do 2 factor authentication.

I think we all missed the real news here

[Anonymous Coward]

AOL Still exists?!

Re:

[Gareth Iwan Fairclough]

AOL Still exists?!

Yup.

Re:

[MrBrklyn]

quite a few people of my generation still use them

YOU GOT HACKED GOOD BUY!

[Joe_Dragon]

YOU GOT HACKED GOOD BUY!

Does not compute

[jbmartin6]

How does a surge in spoofed spam lead one to conclude AOL was hacked? I understand this was due to people using the information to spoof messages to known contacts, thus being more likely to get the evil links clicked. What I don't see is why mail admins would suspect this before the fact simply due to a spike in spoofed email. Does this sort of thing happen often? (i.e. bulk spoofed to contacts after a compromise)

Re:

[datapharmer]

because the spf records don't pass but the recipient recognizes the sender?

AOL ahead of its time

[jovius]

News travel 20 years late. Spam at eleven.

Change our security questions?

[Daetrin]

"AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

Hey mom? Sorry to bother you, but AOL got hacked, so could you please change your maiden name? I need a new answer for my security question.

This is like...

[TsuruchiBrian]

This is like finding out that Dutch East India Company servers were hacked.

I am shocked. *shocked*

[140Mandak262Jamuna]

AOL still exists?

Re:

[Anrego]

AOL is kinda weird. They own a bunch of fairly big things, but their brand means nothing any more and they don't really throw it around (who wants to read "The AOL Huffington Post"). They pretty much exist as an invisible parent company.

um

[Charliemopps]

This is like the 4th or 5th time they've been hacked this year, they've admitted it every time. How is this news other than that it's surprising people still use AOL mail?

AOL Reader for RSS is why I still use AOL

[lemur3]

For many people still using an RSS Reader on the web.. and whom loved Google Reader.. AOL Reader is the only reason to have an AOL email account. (with a simple greasemonkey script to hide the ad bar).. It is a well featured, well done product. And I will have to change my (strong, unique) password now, which is a slight bummer.

But this news brings up another issue. The main competitor in the RSS world now is Feedly, but with them deciding to forgo the risk/expense of an authentication system altogether and

Good Timing

[Oysterville]

Just before Mother's Day, so many a geek can go see Grandma and kill two birds with one stone.

Change their security questions to what?

[John.Banister]

Does AOL let you write your own, or do they use the same seven security questions I see everywhere else?

surprise, surprise, surprise

[Indy1]

Aol has always been pretty spammy, but they've gotten out of control lately, and as usual, ignoring the problem.

I lost patience with them years ago, and started firewalling any netblock from them that was causing problems.

Solved a lot of problems, and since no one in their right mind uses them anymore, I'm not too worried about blocking anything legit.

Did I hear that right?

[Damian J Pound]

I hope when they said "encrypted passwords" they meant "hashed passwords".