
AOL Finally Admits They Were Hacked

Soulskill posted about 3 months ago | from the change-the-password-on-your-coasters dept.

America Online 54

pdclarry writes: "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions. Well, AOL has finally come clean. Apparently unknown individuals accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."


54 comments

2%? (4, Funny)

Anonymous Coward | about 3 months ago | (#46871913)

2% of their members....roughly equivalent to 42 users if my math is correct.

Re:2%? (1, Funny)

mu51c10rd (187182) | about 3 months ago | (#46871937)

Close...2% of 100 members is only 2. I am sure both have been notified...

Re:2%? (4, Informative)

Anonymous Coward | about 3 months ago | (#46872025)

I signed up for a free @netscape.net email address circa 2001. That one still works, but it's been an AOL alias for many years now.

Didn't see it coming? (4, Insightful)

B33rNinj4 (666756) | about 3 months ago | (#46871951)

Wait, they employ a "Digital Prophet." Why didn't Shingy see it coming?

Doubtless (0)

Anonymous Coward | about 3 months ago | (#46871997)

>AOL claims that it affects 'only' 2% of their members

That guy must be pissed!

Re:Doubtless (1)

Yaur (1069446) | about 3 months ago | (#46873191)

It doesn't say 2% of current members so it could mean ~600k accounts.

Did they get at the free disc silos??? (2)

NotDrWho (3543773) | about 3 months ago | (#46872017)

Tell me those are still okay, PLEASE!!!

Re:Did they get at the free disc silos??? (1)

Megane (129182) | about 3 months ago | (#46872179)

I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

Re:Did they get at the free disc silos??? (0)

Anonymous Coward | about 3 months ago | (#46872265)

> Tell me those are still okay, PLEASE!!!

> I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

Me too

Re:Did they get at the free disc silos??? (1)

sjames (1099) | about 3 months ago | (#46874769)

Well played sir!

Re:Did they get at the free disc silos??? (1)

Megane (129182) | about 3 months ago | (#46878329)

I'll say this for the AOLers... at least they would put their quotes before the reply, unlike the people using Microsoft Outlook.

>Well played sir!

>>Me too

>>>I'd be more worried if they hacked the CD launchers. Ever see the movie Goldfinger? Those things can slice your head off!

>>>>Tell me those are still okay, PLEASE!!!

Methodus Toolz (0)

Anonymous Coward | about 3 months ago | (#46872021)

A/S/L?

thegiggling666@aol.com (2)

WhatsAProGingrass (726851) | about 3 months ago | (#46872043)

Just got an email from an AOL account user 20 minutes ago from "thegiggling666@aol.com." All it said was something about scanning of class A to C IP ranges for an unlimited amount of ports and about 20 other unique features of some product. Also a YouTube link that I have yet to click on.

No way (2)

CauseBy (3029989) | about 3 months ago | (#46872091)

I'm having a hard time believing this story because I'm pretty sure AOL ceased to exist fifteen years ago.

Misleading (4, Insightful)

soundguy (415780) | about 3 months ago | (#46872137)

These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and whose estates keep autopaying the bill. I.E., they are ZOMBIE accounts.

...and so it begins

Re:Misleading (1)

Gareth Iwan Fairclough (2831535) | about 3 months ago | (#46872425)

> These AOLoser accounts don't represent living beings. Everyone with a pulse left for greener pastures a decade ago. All that's left are the accounts of people who died and whose estates keep autopaying the bill. I.E., they are ZOMBIE accounts.

> ...and so it begins

No, I still use mine. It's worked fine for nearly 20 years (Holy crap, 20?!), the spam filter is actually pretty good aaaand I just can't be bothered to change every single account I've made on the internet over to a new address. Oh, that and I had the sense to not name it something unprofessional back then so it's okay to use it for any correspondence with work etc. While "S3xyBeestMutherFuka@aol.com" has a certain ring to it, I thought that my actual email address would be easier to remember.

TL;DR, Yes, some people do still use AOL webmail.

By the way, Kosh? Is that you?

Re:Misleading (0)

Anonymous Coward | about 3 months ago | (#46872523)

Not everyone has broadband, jackass.

Re:Misleading (1)

r.freeman (2944629) | about 3 months ago | (#46873349)

> Not everyone has broadband, jackass.

relax gramps

Re:Misleading (1)

antdude (79039) | about 3 months ago | (#46872797)

I know two/2 active AOLers: My old uncle and high school friend. :O

Re:Misleading-AOL is free (0)

Anonymous Coward | about 3 months ago | (#46873155)

They haven't required payment for a decade.
AOL is a free e-mail account with a bad interface.

Re:Misleading-AOL is free (1)

dead_user (1989356) | about 3 months ago | (#46874441)

My 78-year-old boss's AOL account was hacked a few weeks ago. It started receiving 40-50 undeliverable returns every 4-5 hours in batches. I know it was using a strong password because I set it myself a few weeks before that. I was able to use the obvious breach as a way to finally get the AOL account turned off. Believe it or not, he was still paying 24.95 a month for AOL access. Never mind the fact that we run our own email server and I can point an alias anywhere he wishes. I think for him it was like an old friend. Forget that all the people he corresponds with use his new account and he's just looking in from time to time to sift through the spam. He knew he hadn't used the account in years, but he'd had it since he'd had a personal computer. Sometimes it's hard for people to just let go.

Personally, I've had too many email addresses to get attached to one.

Re:Misleading (1)

jbmartin6 (1232050) | about 3 months ago | (#46873167)

Incorrect. AIM, at least, is widely used within the financial world.

Re:Misleading (1)

ShaunC (203807) | about 3 months ago | (#46889017)

> AIM, at least, is widely used within the financial world.

Interesting. The actual AOL-produced client, or Pidgin with OTR?

Re:Misleading (1)

jbmartin6 (1232050) | about 3 months ago | (#46889289)

The AOL client in some cases, not all. Typically it runs through a proxy or third party service like Pivot so that all messages can be recorded, which is a regulatory requirement in the USA. The need to record everything precludes using OTR or similar mechanisms.

To be fair... (1)

Anonymous Coward | about 3 months ago | (#46872151)

the spammers tried to cancel their accounts via the phone but were just given more free months.

This was the only way.

When will Yahoo admit it? (3, Informative)

gander666 (723553) | about 3 months ago | (#46872197)

Seems like 2 or 3 contacts a week with Yahoo mail accounts get hacked every week. I really wish Yahoo would get their shit together too.

Re:When will Yahoo admit it? (2)

Qzukk (229616) | about 3 months ago | (#46872257)

Guessing someone's password is not hacking. Especially if it's a yahoo user who probably thought it would be hilarious to use "assword" after they were told they couldn't have "password".

Re:When will Yahoo admit it? (1)

Anonymous Coward | about 3 months ago | (#46872731)

Amazing, that's the same combination I have on my luggage!

Re:When will Yahoo admit it? (0)

Anonymous Coward | about 3 months ago | (#46874263)

you too?? crazy.

Re:When will Yahoo admit it? (1)

gander666 (723553) | about 3 months ago | (#46872831)

I was being facetious, I do know the difference. But it has to be more than poor password discipline that causes Yahoo mail accounts to be so susceptible.

Re:When will Yahoo admit it? (0)

Anonymous Coward | about 3 months ago | (#46872721)

Yahoo did get their shit together. Like Google and Microsoft, Yahoo offers two step authentication / two factor. You just need to get the users on Yahoo to get their shit together. As soon as they all use two factor, these spammer dilholes won't be able to authenticate as the Yahoo user accounts anymore. I've got accounts on all three services and they all work pretty much the same now. If you are logging on to their service from an unrecognized device (or after a couple of months on a recognized device), you get a text message with a code and you have to input that code in order to logon. Simple, and it works.

Re:When will Yahoo admit it? (1)

gander666 (723553) | about 3 months ago | (#46872995)

Yeah, great. It is just that the people I know who are Yahoo mail users aren't smart enough to do 2 factor authentication.

I think we all missed the real news here (2, Funny)

Anonymous Coward | about 3 months ago | (#46872217)

AOL Still exists?!

Re:I think we all missed the real news here (2)

Gareth Iwan Fairclough (2831535) | about 3 months ago | (#46872431)

> AOL Still exists?!

Yup.

Re:I think we all missed the real news here (1)

MrBrklyn (4775) | about 3 months ago | (#46874717)

quite a few people of my generation still use them

YOU GOT HACKED GOOD BUY! (1)

Joe_Dragon (2206452) | about 3 months ago | (#46872333)

YOU GOT HACKED GOOD BUY!

Does not compute (1)

jbmartin6 (1232050) | about 3 months ago | (#46872373)

How does a surge in spoofed spam lead one to conclude AOL was hacked? I understand this was due to people using the information to spoof messages to known contacts, thus being more likely to get the evil links clicked. What I don't see is why mail admins would suspect this before the fact simply due to a spike in spoofed email. Does this sort of thing happen often? (i.e. bulk spoofed to contacts after a compromise)

Re:Does not compute (1)

datapharmer (1099455) | about 3 months ago | (#46872463)

Because the SPF records don't pass but the recipient recognizes the sender?
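The reasoning in this exchange, as an added example that is not part of any poster's comment: a mail admin can separate SPF-failing mail that claims an AOL sender into spoofs aimed at recipients who have previously received authenticated mail from that same address (a proxy for "in the contact list") and spoofs aimed at strangers. The messages, addresses and function names are constructed for illustration, and the sketch assumes the envelope sender checked by SPF matches the header From.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed inbound messages (headers only); all addresses are made up.
SAMPLE = [
    "Received-SPF: pass (constructed)\nFrom: Alice <alice@aol.com>\nTo: bob@example.org\n\n",
    "Received-SPF: pass (constructed)\nFrom: alice@aol.com\nTo: carol@example.org\n\n",
    "Received-SPF: pass (constructed)\nFrom: dave@aol.com\nTo: erin@example.org\n\n",
    "Received-SPF: fail (constructed)\nFrom: alice@aol.com\nTo: bob@example.org\n\n",
    "Received-SPF: fail (constructed)\nFrom: alice@aol.com\nTo: carol@example.org\n\n",
    "Received-SPF: softfail (constructed)\nFrom: dave@aol.com\nTo: erin@example.org\n\n",
    "Received-SPF: fail (constructed)\nFrom: random123@aol.com\nTo: frank@example.org\n\n",
    "Received-SPF: fail (constructed)\nFrom: someone@example.net\nTo: bob@example.org\n\n",
]

def parse(raw):
    """Return (spf_result, header_from, recipient) for one raw message."""
    msg = message_from_string(raw)
    # The first token of Received-SPF is the result (pass, fail, softfail, ...).
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    return spf, sender, rcpt

def contact_list_spoofs(raw_messages, domain="aol.com"):
    """Split SPF-failing mail claiming `domain` into known-sender and stranger spoofs."""
    parsed = [p for p in map(parse, raw_messages) if p[1].endswith("@" + domain)]
    # Pairs with earlier authenticated mail stand in for "recipient knows sender".
    known = {(s, r) for spf, s, r in parsed if spf == "pass"}
    hits, strangers = defaultdict(set), 0
    for spf, sender, rcpt in parsed:
        if spf not in ("fail", "softfail"):
            continue
        if (sender, rcpt) in known:
            hits[sender].add(rcpt)   # spoof of a sender this recipient knows
        else:
            strangers += 1           # ordinary spoofing, no prior relationship
    return dict(hits), strangers

if __name__ == "__main__":
    hits, strangers = contact_list_spoofs(SAMPLE)
    for sender, rcpts in sorted(hits.items()):
        print(f"{sender}: spoofed to {len(rcpts)} known contact(s)")
    print(f"spoofs to strangers: {strangers}")
```

Many distinct spoofed senders each reaching their own known contacts is the pattern that points at leaked contact lists rather than random forgery.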

Sudden spurt of spam from AOL? (0)

Anonymous Coward | about 3 months ago | (#46872479)

I wouldn't call the last 20 years "sudden"...

AOL ahead of its time (1)

jovius (974690) | about 3 months ago | (#46872563)

News travels 20 years late. Spam at eleven.

Change our security questions? (5, Funny)

Daetrin (576516) | about 3 months ago | (#46872677)

"AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

Hey mom? Sorry to bother you, but AOL got hacked, so could you please change your maiden name? I need a new answer for my security question.

This is like... (4, Funny)

TsuruchiBrian (2731979) | about 3 months ago | (#46872695)

This is like finding out that Dutch East India Company servers were hacked.

Hacked (0)

Anonymous Coward | about 3 months ago | (#46872727)

Those "BASTARDS"....

I am shocked. *shocked* (1)

140Mandak262Jamuna (970587) | about 3 months ago | (#46872801)

AOL still exists?

Re:I am shocked. *shocked* (2)

Anrego (830717) | about 3 months ago | (#46872891)

AOL is kinda weird. They own a bunch of fairly big things, but their brand means nothing any more and they don't really throw it around (who wants to read "The AOL Huffington Post"). They pretty much exist as an invisible parent company.

Hah (0)

Anonymous Coward | about 3 months ago | (#46872839)

Probably a publicity stunt to remind the world that they still actually exist.

I know there are a few random people who still use their AOL email account (for whatever reason), but I have to assume the vast majority of accounts are long forgotten about or were nothing but one time use "get past a registration page" accounts anyway.

um (1)

Charliemopps (1157495) | about 3 months ago | (#46872903)

This is like the 4th or 5th time they've been hacked this year, they've admitted it every time. How is this news other than that it's surprising people still use AOL mail?

AOL Reader for RSS is why I still use AOL (1)

lemur3 (997863) | about 3 months ago | (#46872909)

For many people still using an RSS Reader on the web.. and who loved Google Reader.. AOL Reader is the only reason to have an AOL email account. (with a simple greasemonkey script to hide the ad bar).. It is a well featured, well done product. And I will have to change my (strong, unique) password now, which is a slight bummer.

But this news brings up another issue. The main competitor in the RSS world now is Feedly, but with them deciding to forgo the risk/expense of an authentication system altogether and only allowing OAuth logins via Twitter/Facebook/Google/Microsoft ..with no login system of their own, many people are just uncomfortable giving the Feedly people access to their contacts list and other personal info that they get when using their service.. The info they get access to can be seen in screenshots here: http://imgur.com/a/jsXfT

Perhaps Feedly (and others) have a bright idea there, avoiding rolling their own auth and letting the inevitable data breach land on the hands of the likes of Twitter and Microsoft instead of Feedly itself.. .. That certainly may have been a good idea for Adobe, who lost 1.2 million accounts.

Even 2% makes me a little worried about the product that is pretty great in AOL Reader.. and I am gonna probably fire up the locally run Tiny Tiny RSS reader this weekend to make sure I have a backup.

Good Timing (2)

Oysterville (2944937) | about 3 months ago | (#46872981)

Just before Mother's Day, so many a geek can go see Grandma and kill two birds with one stone.

Change their security questions to what? (1)

John.Banister (1291556) | about 3 months ago | (#46873441)

Does AOL let you write your own, or do they use the same seven security questions I see everywhere else?

What about AIM accounts? (0)

Anonymous Coward | about 3 months ago | (#46874545)

Were they hacked or not?

Seriously (0)

Anonymous Coward | about 3 months ago | (#46875823)

They need to be fined for not telling users immediately. They potentially put users' data not on AOL alone, but everywhere because it is common for hackers to use leaked data to run it against thousands of websites.

surprise, surprise, surprise (2)

Indy1 (99447) | about 3 months ago | (#46876123)

AOL has always been pretty spammy, but they've gotten out of control lately, and as usual, ignoring the problem.

I lost patience with them years ago, and started firewalling any netblock from them that was causing problems.

Solved a lot of problems, and since no one in their right mind uses them anymore, I'm not too worried about blocking anything legit.

Did I hear that right? (1)

Damian J Pound (3635341) | about 3 months ago | (#46877821)

I hope when they said "encrypted passwords" they meant "hashed passwords".