Forgot your password?
typodupeerror
America Online Communications Security Spam

AOL Finally Admits They Were Hacked 54

Posted by Soulskill
from the change-the-password-on-your-coasters dept.
pdclarry writes: "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions. Well, AOL has finally come clean. Apparently unknown individuals accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."
This discussion has been archived. No new comments can be posted.

AOL Finally Admits They Were Hacked

Comments Filter:
  • 2%? (Score:4, Funny)

    by Anonymous Coward on Tuesday April 29, 2014 @04:34PM (#46871913)

    2% of their members....roughly equivalent to 42 users if my math is correct.

  • by B33rNinj4 (666756) on Tuesday April 29, 2014 @04:36PM (#46871951) Homepage Journal
    Wait, they employ a "Digital Prophet." Why didn't Shingy see it coming?
  • by NotDrWho (3543773) on Tuesday April 29, 2014 @04:41PM (#46872017)

    Tell me those are still okay, PLEASE!!!

    • by Megane (129182)
      I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!
  • by WhatsAProGingrass (726851) on Tuesday April 29, 2014 @04:42PM (#46872043) Homepage
    Just got an email from an aol account user 20 minutes ago from "thegiggling666@aol.com." All it said was something about Scanning of class A to C IP ranges for an unlimited amount of ports and about 20 other unique features of some product. Also a youtube link that I have yet to click on.
  • I'm having a hard time believing this story because I'm pretty sure AOL ceased to exist fifteen years ago.

  • Misleading (Score:5, Insightful)

    by soundguy (415780) on Tuesday April 29, 2014 @04:49PM (#46872137) Homepage
    These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and who's estates keep autopaying the bill. I.E., they are ZOMBIE accounts.

    ...and so it begins
    • These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and who's estates keep autopaying the bill. I.E., they are ZOMBIE accounts. ...and so it begins

      No, I still use mine. It's worked fine for nearly 20 years (Holy crap, 20?!), the spam filter is actually pretty good aaaand I just can't be bothered to change every single account I've made on the internet over to a new address. Oh, that and I had the sense to not name it something unprofessional back then so it's okay to use it for any correspondence with work etc. While "S3xyBeestMutherFuka@aol.com" has a certain ring to it, I thought that my actual email address would be easier to remember.

      TL;DR, Ye

    • by antdude (79039)

      I know two/2 active AOLers: My old uncle and high school friend. :O

    • Incorrect. AIM, at least, is widely used within the financial world.
      • by ShaunC (203807)

        AIM, at least, is widely used within the financial world.

        Interesting. The actual AOL-produced client, or Pidgin with OTR?

        • The AOL client in some cases, not all. Typically it runs through a proxy or third party service like Pivot so that all messages can be recorded, which is a regulatory requirement in the USA. The need to record everything precludes using OTR or similar mechanisms.
  • by Anonymous Coward

    the spammers tried to cancel their accounts via the phone but were just given more free months.

    This was the only way.

  • by gander666 (723553) * on Tuesday April 29, 2014 @04:53PM (#46872197) Homepage
    Seems like 2 or 3 contacts a week with Yahoo mail accounts gets hacked every week. I really wish Yahoo would get their shit together too.
    • by Qzukk (229616)

      Guessing someone's password is not hacking. Especially if it's a yahoo user who probably thought it would be hilarious to use "assword" after they were told they couldn't have "password".

      • by Anonymous Coward

        Amazing, that's the same combination I have on my luggage!

      • by gander666 (723553) *
        I was being facetious, I do know the difference. But it has to be more than poor password discipline that causes Yahoo mail accounts to be so susceptible.
  • by Anonymous Coward

    AOL Still exists?!

  • YOU GOT HACKED GOOD BUY!

  • How does a surge in spoofed spam lead one to conclude AOL was hacked? I understand this was due to people using the information to spoof messages to known contacts, thus being more likely to get the evil links clicked. What I don't see is why mail admins would suspect this before the fact simply due to a spike in spoofed email. Does this sort of thing happen often? (i.e. bulk spoofed to contacts after a compromise)
  • News travel 20 years late. Spam at eleven.

  • by Daetrin (576516) on Tuesday April 29, 2014 @05:31PM (#46872677)

    "AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

    Hey mom? Sorry to bother you, but AOL got hacked, so could you please change your maiden name? I need a new answer for my security question.

  • by TsuruchiBrian (2731979) on Tuesday April 29, 2014 @05:33PM (#46872695)
    This is like finding out that Dutch East India Company servers were hacked.
    • by Anrego (830717) *

      AOL is kinda weird. They own a bunch of fairly big things, but their brand means nothing any more and they don't really throw it around (who wants to read "The AOL Huffington Post"). They pretty much exist as an invisible parent company.

  • This is like the 4th or 5th time they've been hacked this year, they've admitted it every time. How is this news other than that it's surprising people still use AOL mail?

  • For many people still using an RSS Reader on the web.. and whom loved Google Reader.. AOL Reader is the only reason to have an AOL email account. (with a simple greasemonkey script to hide the ad bar).. It is a well featured, well done product. And I will have to change my (strong, unique) password now, which is a slight bummer.

    But this news brings up another issue. The main competitor in the RSS world now is Feedly, but with them deciding to forgo the risk/expense of an authentication system altogether and

  • by Oysterville (2944937) on Tuesday April 29, 2014 @06:06PM (#46872981)
    Just before Mother's Day, so many a geek can go see Grandma and kill two birds with one stone.
  • Does AOL let you write your own, or do they use the same seven security questions I see everywhere else?
  • by Indy1 (99447) <spamtrap@fuckedregime.com> on Wednesday April 30, 2014 @03:44AM (#46876123) Homepage

    Aol has always been pretty spammy, but they've gotten out of control lately, and as usual, ignoring the problem.

    I lost patience with them years ago, and started firewalling any netblock from them that was causing problems.

    Solved a lot of problems, and since no one in their right mind uses them anymore, I'm not too worried about blocking anything legit.

  • I hope when they said "encrypted passwords" they meant "hashed passwords".

1 + 1 = 3, for large values of 1.

Working...