AOL Email security breach: Additional information for users

Email-related messages: Mail service provider announcements, general help, other
Post Reply
User avatar
spc3rd
Moderator
Posts: 853
Joined: Tue Aug 30, 2011 5:45 pm

AOL Email security breach: Additional information for users

Post by spc3rd »

The article shown between the dashed lines below is excerpted/quoted from, the ArsTechnica website. This article is credited to/authored by Sean Gallagher.

-------------------------------BEGIN ARTICLE------------------------------------

You’ve got pwned: AOL reports e-mail breach as bigger than thought. AOL urges password changes after two percent of accounts become spambots.

by Sean Gallagher - Apr 28 2014, 3:00pm EST

Last week, AOL confirmed that an unknown number of AOL Mail accounts have been hacked. Today, the company urged all its customers to change passwords and security questions, as it determined that information for at least two percent of all its accounts had been compromised. That's an impact of half a million users.

Attackers breached AOL’s systems and gained access to e-mail addresses, encrypted passwords, answers to security questions, and other contact information (including postal mailing addresses). While the mailboxes themselves were not compromised, the attackers used the contact information in a barrage of “spoofed” e-mails from those addresses—messages sent from outside AOL’s network with forged “from” address headers. Those e-mails are part of a large-scale phishing operation containing malicious Web links.

An AOL spokesperson said that the company is working with federal law enforcement to investigate the attack on its servers and that there was no indication that encrypted passwords were cracked by the attackers. The company has also changed its Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy to “p=reject”—meaning that other mail services will automatically discard messages sent by someone using an AOL.com mail address when a message is sent from a non-AOL server.
-----------------------------------END ARTICLE----------------------------

(Link to the article at ArsTechnica website is shown below)

http://arstechnica.com/security/2014/04 ... n-thought/" onclick="window.open(this.href);return false;

Best regards,
Image
Global Moderator
Post Reply