Quantcast

Wednesday, July 23, 2014         

 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

AOL reports 'significant' security breach of user passwords, address books

By Salvador Rodriguez

Los Angeles Times

POSTED:
LAST UPDATED: 12:24 p.m. HST, Apr 28, 2014


AOL Inc. has confirmed what many suspected: The company suffered a major security breach.

Hackers were able to steal the email addresses, postal addresses, address books, encrypted passwords and the encrypted answers to security questions of "a significant number of user accounts," the New York-based company said Monday.

"The ongoing investigation of this serious criminal activity is our top priority," AOL said in a note. "We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts."

AOL said it began investigating the matter after it saw a significant increase in the amount of spam email being sent from accounts that were set up to look like AOL Mail addresses. This is a tactic known as "spoofing."

Spoofing is "used by spammers to make it appear that the message is from an email user known to the recipient in order to trick the recipient into opening it," AOL said. "These emails do not originate from the sender's email or email service provider -- the addresses are just edited to make them appear that way."

The company said it appears spammers are using the stolen contact information to send spoof messages from email addresses mimicking 2 percent of AOL's accounts.

The rise in spoof AOL spam email occurred last week, leading many experts to believe that the company had been hacked. John Levine, an expert in email infrastructure, said AOL's announcement Monday comes as no surprise.

"It's been painfully obvious that the crooks managed to steal the email addresses and the address books since I saw spam coming from an AOL address to recipients that were in that person's address book," said Levine, who co-wrote "The Internet for Dummies."

Levine said it is hard to gauge how significant of a breach AOL suffered because the company did not say how many users were affected, but it is clear that AOL must improve its cybersecurity.

"It's their job to keep their system secure. We all know it's hard, but it's a modern online service. It's a key part of what they do," he said. "It's incumbent on them to step up and deal with the costs."

AOL suggests that all its users and employees change their passwords and their security questions and answers to protect themselves from hackers.






More From The Star-Advertiser

Yahoo resets passwords after email hack




 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(2)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
Maneki_Neko wrote:
I didn't know AOL even existed anymore.
on April 28,2014 | 07:49AM
cojef wrote:
Had this experience with a member of "facebook". Opened a mail from email friend and the spammers added something in my laptop's Windows registry. Now periodically a defrag page appears and request that I defrag, then boom they want you to purchase their software package. Can't get rid as I am not qualified to look in my registry and delete it.
on April 28,2014 | 10:02AM
IN OTHER NEWS
Breaking News