AOL Cautions its Users about Infringement of Personal Information after Hacking Attack

Theregister.co.uk reported on 28th April, 2014 stating that AOL, formerly American Online, has issued a warning to users about theft of personal information by attackers just after a week of a report published by media on 22nd April, 2014 questioned the security of its (AOL) servers.

On Monday, 28th April, 2014, the company confirmed that the same hackers behind last week's spam deluge infiltrated the servers of the company and collected user's information including email addresses, contact lists, home addresses, encrypted password and security question with answers.

AOL started the investigation last week when users started receiving large amounts of spam emails from spoofed email addresses. The company believes that the attacks, which deceived most spam controls, were due to mass breach of estimated 2% of AOL's customers email accounts.

"Notably, we have no idea about encryption of passwords or the breach of answers of security questions. Also, at this point of investigation we don't have any idea about disclosure of user's financial information including debit and credit cards which is fully encrypted," AOL said.

Threatpost.com published news on 28th April, 2014 mentioning a written statement of Brian Alvey, a Developer of Content Management Space, as "I surmised AOL had been exploited."

AOL claimed that with the aid of best-available external forensic pundits and central authorities it was trying to probe this heinous criminal activity.

AOL recommends through a company blog: "As a security measure, we strongly encourage our patrons and workers to retune their passwords for any service of AOL and while doing this it also persuaded one and all to change their security question and answer.

Additionally, the blog also gives some tips such as, not clicking on suspicious mail and not providing any confidential financial or personal data in response to any email coming from unfamiliar address and one should always keep an eye on his/her email address being used in spam/spoof.

Techtimes.com published a report on 28th April, 2014 quoting AOL as saying "We are informing potentially affected users and are committed to ensure safety to our users, employees and partners and addressing the situations as quickly and forcefully as possible"

» SPAMfighter News - 5/5/2014