Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Finally Admits They Were Hacked

Posted by Soulskill on from the change-the-password-on-your-coasters dept.

pdclarry writes: "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions. Well, AOL has finally come clean. Apparently unknown individuals accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

54 comments

  1. 2%? by Anonymous Coward · · Score: 4, Funny

    2% of their members....roughly equivalent to 42 users if my math is correct.

    1. Re:2%? by mu51c10rd · · Score: 1, Funny

      Close...2% of 100 members is only 2. I am sure both have been notified...

    2. Re:2%? by Anonymous Coward · · Score: 4, Informative

      I signed up for a free @netscape.net email address circa 2001. That one still works, but it's been an AOL alias for many years now.

  2. Didn't see it coming? by B33rNinj4 · · Score: 4, Insightful

    Wait, they employ a "Digital Prophet." Why didn't Shingy see it coming?

  3. Doubtless by Anonymous Coward · · Score: 0

    >AOL claims that it affects 'only' 2% of their members

    That guy must be pissed!

    1. Re:Doubtless by Yaur · · Score: 1

      It doesn't say 2% of current members so it could mean ~600k accounts.

  4. Did they get at the free disc silos??? by NotDrWho · · Score: 2

    Tell me those are still okay, PLEASE!!!

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Did they get at the free disc silos??? by Megane · · Score: 1

      I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    2. Re:Did they get at the free disc silos??? by Anonymous Coward · · Score: 0

      > Tell me those are still okay, PLEASE!!!

      > I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

      Me too

    3. Re:Did they get at the free disc silos??? by sjames · · Score: 1

      Well played sir!

    4. Re:Did they get at the free disc silos??? by Megane · · Score: 1

      I'll say this for the AOLers... at least they would put their quotes before the reply, unlike the people using Microsoft Outlook.

      >Well played sir!

      >>Me too

      >>>I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

      >>>>Tell me those are still okay, PLEASE!!!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  5. Methodus Toolz by Anonymous Coward · · Score: 0

    A/S/L?

  6. thegiggling666@aol.com by WhatsAProGingrass · · Score: 2

    Just got an email from an aol account user 20 minutes ago from "thegiggling666@aol.com." All it said was something about Scanning of class A to C IP ranges for an unlimited amount of ports and about 20 other unique features of some product. Also a youtube link that I have yet to click on.

    --
    Mark
  7. No way by CauseBy · · Score: 2

    I'm having a hard time believing this story because I'm pretty sure AOL ceased to exist fifteen years ago.

  8. Misleading by soundguy · · Score: 4, Insightful

    These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and who's estates keep autopaying the bill. I.E., they are ZOMBIE accounts.

    ...and so it begins

    --
    Nothing worthwhile ever happens before noon
    1. Re:Misleading by GarethIwanFairclough · · Score: 1

      These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and who's estates keep autopaying the bill. I.E., they are ZOMBIE accounts. ...and so it begins

      No, I still use mine. It's worked fine for nearly 20 years (Holy crap, 20?!), the spam filter is actually pretty good aaaand I just can't be bothered to change every single account I've made on the internet over to a new address. Oh, that and I had the sense to not name it something unprofessional back then so it's okay to use it for any correspondence with work etc. While "S3xyBeestMutherFuka@aol.com" has a certain ring to it, I thought that my actual email address would be easier to remember.

      TL;DR, Yes, some people do still use AOL webmail.

      By the way, Kosh? Is that you?

    2. Re:Misleading by Anonymous Coward · · Score: 0

      Not everyone has broadband, jackass.

    3. Re:Misleading by antdude · · Score: 1

      I know two/2 active AOLers: My old uncle and high school friend. :O

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    4. Re:Misleading by jbmartin6 · · Score: 1

      Incorrect. AIM, at least, is widely used within the financial world.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    5. Re:Misleading by r.freeman · · Score: 1

      Not everyone has broadband, jackass.

      relax gramps

    6. Re:Misleading by ShaunC · · Score: 1

      AIM, at least, is widely used within the financial world.

      Interesting. The actual AOL-produced client, or Pidgin with OTR?

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    7. Re:Misleading by jbmartin6 · · Score: 1

      The AOL client in some cases, not all. Typically it runs through a proxy or third party service like Pivot so that all messages can be recorded, which is a regulatory requirement in the USA. The need to record everything precludes using OTR or similar mechanisms.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  9. To be fair... by Anonymous Coward · · Score: 1

    the spammers tried to cancel their accounts via the phone but were just given more free months.

    This was the only way.

  10. When will Yahoo admit it? by gander666 · · Score: 3, Informative

    Seems like 2 or 3 contacts a week with Yahoo mail accounts gets hacked every week. I really wish Yahoo would get their shit together too.

    --
    Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
    1. Re:When will Yahoo admit it? by Qzukk · · Score: 2

      Guessing someone's password is not hacking. Especially if it's a yahoo user who probably thought it would be hilarious to use "assword" after they were told they couldn't have "password".

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:When will Yahoo admit it? by Anonymous Coward · · Score: 0

      Yahoo did get their shit together. Like Google and Microsoft, Yahoo offers two step authentication / two factor. You just need to get the users on Yahoo to get their shit together. As soon as they all use two factor, these spammer dilholes won't be able to authenticate as the Yahoo user accounts anymore. I've got accounts on all three services and they all work pretty much the same now. If you are logging on to their service from an unrecognized device (or after a couple of months on a recognized device), you get a text message with a code and you have to input that code in order to logon. Simple, and it works.

    3. Re:When will Yahoo admit it? by Anonymous Coward · · Score: 1

      Amazing, that's the same combination I have on my luggage!

    4. Re:When will Yahoo admit it? by gander666 · · Score: 1

      I was being facetious, I do know the difference. But it has to be more than poor password discipline that causes Yahoo mail accounts to be so susceptible.

      --
      Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
    5. Re:When will Yahoo admit it? by gander666 · · Score: 1

      Yeah, great. It is just that the people I know who are Yahoo mail users aren't smart enough to do 2 factor authentication.

      --
      Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
    6. Re:When will Yahoo admit it? by Anonymous Coward · · Score: 0

      you too?? crazy.

  11. I think we all missed the real news here by Anonymous Coward · · Score: 2, Funny

    AOL Still exists?!

    1. Re:I think we all missed the real news here by GarethIwanFairclough · · Score: 2

      AOL Still exists?!

      Yup.

    2. Re:I think we all missed the real news here by MrBrklyn · · Score: 1

      quite a few people of my generation still use them

      --
      http://www.mrbrklyn.com/amsterdam.html http://www.brooklyn-living.com
  12. YOU GOT HACKED GOOD BUY! by Joe_Dragon · · Score: 1

    YOU GOT HACKED GOOD BUY!

  13. Does not compute by jbmartin6 · · Score: 1

    How does a surge in spoofed spam lead one to conclude AOL was hacked? I understand this was due to people using the information to spoof messages to known contacts, thus being more likely to get the evil links clicked. What I don't see is why mail admins would suspect this before the fact simply due to a spike in spoofed email. Does this sort of thing happen often? (i.e. bulk spoofed to contacts after a compromise)

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:Does not compute by datapharmer · · Score: 1

      because the spf records don't pass but the recipient recognizes the sender?

      --
      Get a web developer
  14. Sudden spurt of spam from AOL? by Anonymous Coward · · Score: 0

    I wouldn't call the last 20 years "sudden"...

  15. AOL ahead of its time by jovius · · Score: 1

    News travel 20 years late. Spam at eleven.

  16. Change our security questions? by Daetrin · · Score: 5, Funny

    "AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

    Hey mom? Sorry to bother you, but AOL got hacked, so could you please change your maiden name? I need a new answer for my security question.

    --
    This Space Intentionally Left Blank
  17. This is like... by TsuruchiBrian · · Score: 4, Funny

    This is like finding out that Dutch East India Company servers were hacked.

  18. Hacked by Anonymous Coward · · Score: 0

    Those "BASTARDS"....

  19. I am shocked. *shocked* by 140Mandak262Jamuna · · Score: 1

    AOL still exists?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:I am shocked. *shocked* by Anrego · · Score: 2

      AOL is kinda weird. They own a bunch of fairly big things, but their brand means nothing any more and they don't really throw it around (who wants to read "The AOL Huffington Post"). They pretty much exist as an invisible parent company.

  20. Hah by Anonymous Coward · · Score: 0

    Probably a publicity stunt to remind the world that they still actually exist.

    I know there are a few random people who still use their AOL email account (for whatever reason), but I have to assume the vast majority of accounts are long forgotten about or were nothing but one time use "get past a registration page" accounts anyway.

  21. um by Charliemopps · · Score: 1

    This is like the 4th or 5th time they've been hacked this year, they've admitted it every time. How is this news other than that it's surprising people still use AOL mail?

  22. AOL Reader for RSS is why I still use AOL by lemur3 · · Score: 1

    For many people still using an RSS Reader on the web.. and whom loved Google Reader.. AOL Reader is the only reason to have an AOL email account. (with a simple greasemonkey script to hide the ad bar).. It is a well featured, well done product. And I will have to change my (strong, unique) password now, which is a slight bummer.

    But this news brings up another issue. The main competitor in the RSS world now is Feedly, but with them deciding to forgo the risk/expense of an authentication system altogether and only allowing OAuth logins via Twitter/Facebook/Google/Microsoft ..with no login system of their own, many people are just uncomfortable giving the Feedly people access to their contacts list and other personal info that they get when using their service.. The info they get access to can be seen in screenshots here: http://imgur.com/a/jsXfT

    Perhaps Feedly (and others) have a bright idea there, avoiding rolling their own auth and letting the inevitable data breach land on the hands of the likes of twitter and Microsoft instead of Feedly itself.. .. That certainly may have been a good idea for Adobe, who lost 1.2 million accounts.

    Even 2% makes me a little worried about the product that is pretty great in AOL Reader.. and I am gonna probably fire up the locally run Tiny Tiny RSS reader this weekend to make sure I have a backup.

  23. Good Timing by Oysterville · · Score: 2

    Just before Mother's Day, so many a geek can go see Grandma and kill two birds with one stone.

  24. Re:Misleading-AOL is free by Anonymous Coward · · Score: 0

    They haven't required payment for a decade.
    AOL is a free e-mail account with a bad interface.

  25. Change their security questions to what? by John.Banister · · Score: 1

    Does AOL let you write your own, or do they use the same seven security questions I see everywhere else?

  26. Re:Misleading-AOL is free by dead_user · · Score: 1

    My 78 year old boss's AOL account was hacked a few weeks ago. It started receiving 40-50 undeliverable returns every 4-5 hours in batches. I know it was using a strong password because I set it myself a few weeks before that. I was able to use the obvious breach as a way to finally get the AOL account turned off. Believe it or not, he was still paying 24.95 a month for AOL access. Nevermind the fact that we run our own email server and I can point an alias anywhere he wishes. I think for him it was like an old friend. Forget that all the people he corresponds with use his new account and he's just looking in from time to time to sift through the spam. He knew he hadn't used the account in years, but he'd had it since he'd had a personal computer. Sometimes it's hard for people to just let go.

    Personally, I've had too many email addresses to get attached to one.

  27. What about AIM accounts? by Anonymous Coward · · Score: 0

    Were they hacked or not?

  28. Seriously by Anonymous Coward · · Score: 0

    They need to be fined for not telling users immediately. They potentially put users data not on AOL alone, but everywhere because it is common for hackers to use leaked data to run it against thousands of websites.

  29. surprise, surprise, surprise by Indy1 · · Score: 2

    Aol has always been pretty spammy, but they've gotten out of control lately, and as usual, ignoring the problem.

    I lost patience with them years ago, and started firewalling any netblock from them that was causing problems.

    Solved a lot of problems, and since no one in their right mind uses them anymore, I'm not too worried about blocking anything legit.

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  30. Did I hear that right? by DamianJPound · · Score: 1

    I hope when they said "encrypted passwords" they meant "hashed passwords".