AOL Subscriber Data Stolen: You've Got Pwned

Published : 22/11/2024   Category : security




Change passwords and security questions now, AOL warns subscribers. For everyone else, treat all emails from AOL addresses with suspicion.



Warning to AOL users: Beware a security intrusion that resulted in the theft of subscribers' information, and don't click on links or attachments in any suspicious-looking emails.
That warning was sounded Monday by AOL's security team, which said in a security update that third-party digital forensic investigators hired by the company found "unauthorized access to information regarding a significant number of user accounts." The information accessed by attackers included AOL users' "email addresses, postal addresses, address book contact information, encrypted passwords, and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information."
The theft of contact information from AOL subscribers means that anyone who receives an email that appears to be from an AOL email address should treat it as suspicious, until proven otherwise.
What should AOL users do now in response to the breach? "We suggest you take some routine security precautions," said Internet for Dummies author John R. Levine in a blog post. "Specifically, we recommend that you change your postal address, phone number, employer, date of birth, and spouse. Oh, and you might as well change your password, too."
The breach is a further reminder that people should never reuse the same password on multiple sites. In the wake of the AOL breach, accordingly, "if you were using the same password for any other online account -- which is, as we have discussed many times before, very bad practice -- then you need to change those passwords too," said independent computer security analyst Graham Cluley in a blog post.
"And it's not just passwords that you have to worry about," he added. "AOL says that address books have also been accessed, which means that online criminals now know who you are friends with, and how to contact them -- making it easy for them to create convincing scam emails or attempt to send out phishing campaigns."
While an AOL "you've got mail" email address today may lack its '90s cachet, last year the company said that 2.5 million people still subscribe to one of its services. "[I'm] bemused by people who say they're surprised AOL is still around," said Cluley via Twitter. "They're the company who bought TechCrunch and the Huffington Post."
AOL said the breach seems to be tied to the flood of spam that appeared to emanate from AOL's servers last week. "We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts," AOL said. But the company said the emails weren't actually sent via its servers or subscribers' accounts. Instead, it said attackers used contact information stolen from AOL subscribers and spoofed the email addresses to make it appear as if they'd originated from the AOL subscriber.
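A receiving mail system can test whether a message claiming an AOL sender was actually authorised by that domain. The sketch below is an added example, not AOL's or the article's own code; the article names no mechanism, so it assumes the recipient's server records SPF, DKIM and DMARC results in an Authentication-Results header under the hypothetical name mx.example.net, and all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, not from the incident. mx.example.net is a hypothetical
# receiving server whose Authentication-Results stamps we trust.
HDR = 'From: "Old Friend" <friend@aol.com>\nSubject: check this out\n\nhttp://example.org/x\n'
SPOOFED = ("Authentication-Results: mx.example.net; spf=fail "
           "smtp.mailfrom=bulk.example.org; dkim=none; dmarc=fail header.from=aol.com\n" + HDR)
GENUINE = ("Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=aol.com; "
           "dkim=pass header.d=aol.com; dmarc=pass header.from=aol.com\n" + HDR)
# The sender wrote this header itself, claiming a pass under another server's name.
FORGED = "Authentication-Results: mail.example.org; dmarc=pass header.from=aol.com\n" + HDR
NO_STAMP = HDR


def classify(raw, trusted_authserv="mx.example.net"):
    """Return (From domain, verdict) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # anyone can add this header; only our own server's counts
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    dmarc = results.get("dmarc")
    if dmarc == "pass":
        return from_domain, "authenticated"
    if dmarc == "fail":
        return from_domain, "suspect-spoof"
    return from_domain, "unverified"


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("forged", FORGED), ("no stamp", NO_STAMP)]:
        print(name, classify(raw))
```

An "authenticated" verdict shows only that the From domain authorised the message, not that the account holder wrote it.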
What about the encrypted data stolen by attackers? AOL also said that to date, there's no indication that the encryption on the passwords or the answers to security questions was broken. But an AOL spokeswoman, contacted via email, wasn't immediately able to comment about how exactly the stolen information was encrypted. As some past breaches have highlighted -- for example at LinkedIn -- not all businesses implement what information security experts would describe as minimal standards for implementing password encryption.
Furthermore, now that attackers have managed to obtain the AOL subscriber data tranche, they can attempt to crack it offline. That means that attackers may gain access to -- or may have already accessed -- people's security questions and answers, which would create problems of the variety to which Levine alluded.
"Looks like I'll have to ask my mother to change her maiden name again," said Virus Bulletin editor Martijn Grooten via Twitter. "Awkward."
