AOL email hacked: Several users complain about compromised accounts

  • 21 April 2014
  • 4 replies
  • 3 views

Userlevel 7
Badge +54


You've got (spam) mail.

Several AOL users are complaining on Twitter that their email accounts have been hacked and are being used to send out spam to others.

Multiple users have said that their accounts have been affected despite not being used in a long time. Among them is Los Angeles Times Food Editor Russ Parsons.

"I've gotten a couple of emails from friends telling me that my AOL account had been hacked and that they were getting spammed by it. The thing is, that account has been closed for at least two years," Parsons said in an email.
 
Full Article

4 replies

Userlevel 7
I saw a large number of tickets in Support from AOL customer complaining of similar. Most had already changed there passwords so I guessed something was up. 
Userlevel 7
Badge +54
AOL instructs mailbox providers to reject any email allegedly associated with an AOL domain that didn't originate from an AOL server.
 
AOL is imposing a stricter email-validation process aimed at stamping down a massive spoofing attack that has plagued users for the past couple of days, the company said Tuesday.
Following a similar move by Yahoo earlier this month, AOL changed its DMARC policy to "reject," meaning that a line of text has been added to its DNS record instructing mailbox providers to reject any email allegedly associated with an AOL domain that didn't originate from an AOL server. Although the header of a spoofed email has been specially crafted to make it appear the message originated from a specific AOL email address, it in fact never crosses AOL's servers.
 
Full Article
Userlevel 7

AOL Mail locks down email servers to deal with spam tsunami

https:///t5/Security-Industry-News/AOL-Mail-locks-down-email-servers-to-deal-with-spam-tsunami/td-p/103618 14 seconds ago

Security problems like it's 1995

By Iain Thomson, 23 Apr 2014  If you've been getting a lot of spam from AOL emails recently it's not because you've fallen into a time rift and it's the nineties all over again – the company has confirmed that it has been under an intensive spoofing attack.
 
The problems started three days ago when large volumes of email, apparently from AOL Mail's servers, started popping up in inboxes. The spoofed emails included links to the usual spam sites selling diet fads and nostrums, and have been found in very large volumes, so AOL has moved to try and stem the tide.
 "Today we moved to change our DMARC policy to p=reject. This helps to protect AOL Mail users' addresses from unauthorized use," the company said in a blog post.
 
"It also stops delivery on what previously would have been considered authorized mail sent on behalf of AOL Mail users via non-AOL servers. If you're a bulk sender on behalf of AOL addresses, that probably includes mail sent from you."
 
AOL said the shift might impact some listservs and email-forwarding services, as well as email service providers who use AOL. Yes, there still are some, apparently.
 
 
 
Full Article
Userlevel 7
Badge +54
AOL is asking users to reset their passwords as it investigates a recent flurry of spam e-mails.
According to Reuters, the uptick in AOL spam is related to a security breach that affected roughly 2 percent of users. Hackers made off with e-mail addresses, mailing addresses, encrypted passwords, and encrypted security questions. AOL says it's still investigating the matter in conjunction with federal employees.
So far, there's no evidence that the encryption on passwords and security questions has been broken. There's no sign of financial information being compromised either, the Wall Street Journal reports.
 
Full Article

Reply