AOL Account Hacked
 

It looks like someone hacked my AOL account and sent spam to all my address-book contacts, around 1:45 PDT this morning. Apologies to those of you who got garbage-mail alleging to be from me as a result.

Since I use the free webmail service, AOL customer service has been utterly unhelpful ... I changed my password, not sure what else I can do short of closing the account. (Which I don't want to do, since it's been my personal e-mail for many years and is in so many links and contact-me settings for me.

I'm pretty certain this was direct hack of my account in terms of accessing the address book stored on the AOL server(s) - if it were a virus infecting my work PC I would've expected it to grab address from my outlook contacts, but all of the ones used are stored on the AOL server and many don't exist in my Outlook contacts. My 2 home PCs are only connected to the internet extremely infrequently, since I am rigorous about keeping the internet out of my weekends.

Any suggestions as to what-else-to-do are appreciated. I looked for any account options that would allow send restrictions, no luck. Parental controls? Couldn't log in - probably another paid-subscriber-only feature.

!#%^%@#$#@$ spammers...

-E

As one of the recipients, I had to laugh at it considering that you started [URL="http://www.mersenneforum.org/showthread.php?t=8110&highlight=spamr"]this thread[/URL]. Granted it was not a 419 type spam, but the irony was rather funny.

I had a similar problem in the past with Road Runner (by Time Warner, which owns AOL) in which someone forged my e-mail address. I know it was forged (as opposed to a virus) for two reasons. First, I have a Mac. Second, none of my contacts got the spam.

In any case I hope that your problems with the account have been resolved.

[quote=ewmayer;212458]Since I use the free webmail service, AOL customer service has been utterly unhelpful

< snip >

Any suggestions as to what-else-to-do are appreciated.[/quote]A couple of years ago, Bruce Schneier ([URL]http://www.schneier.com/[/URL]) wrote about e-mail accounts in one of his Crypto-Gram newsletters.

The main point I recall was that he advised using a paid e-mail service, not a free one. Free e-mail services have less incentive to work to prevent problems, and less incentive to fix them properly once they happen, than a subscription service would.

[quote=cheesehead;212466]A couple of years ago, Bruce Schneier ([URL]http://www.schneier.com/[/URL]) wrote about e-mail accounts in one of his Crypto-Gram newsletters.

The main point I recall was that he advised using a paid e-mail service, not a free one. Free e-mail services have less incentive to work to prevent problems, and less incentive to fix them properly once they happen, than a subscription service would.[/quote]
Yes, but they also cost money.
What my family does is we pay for(for 3 pounds a year i think) a domain name with which we redirect emails to wherever we want. We have changed email provider many times when we have had problems or changed ISP and havn't changed email address.

I suppose what you could do, since you don't want to get rid of the AOL address due to its being your long-established point of contact, is to have it forward to some other address that you have more direct control over (or at least which is more secure). Is it possible to do that with free AOL? (I know it's possible with free Gmail, but then again, they tend to be the exception with regard to such features as compared to other free webmail providers, so that may not be the case for you.)

Once your actual point of access is out of the AOL account, you could then delete your address book entries, etc. from there and change your password to something long and random (since you won't have to enter it much). That would make it harder for someone to attack it and also minimize the damage if someone did manage to get in.

maybe a hater of david hasselhoff...?

Do you want to redirect everything to a mersenneforum.org email address?

Since you have access to the DH forum this is an option for you.

Another possibility is to consolidate all of your email addresses into Google Mail. We have probably 20 email addresses tied to ours. Even if AOL cannot forward emails, Google can pull them in for you.

[SIZE=1]PS - Your password (12345) was probably a bit too short.[/SIZE]

[QUOTE=Xyzzy;212497][SIZE=1]PS - Your password (12345) was probably a bit too short.[/SIZE][/QUOTE]He did change the default password. It is now password1.

I would recommend making sure you don't have any passwords saved in emails that are under that account.

Another thing to be weary of is the fact that there may have been emails that came from places you hadn't requested your password from in the past (forgotten password) which an attacker could have seen, used to request one and then covered their tracks.

Obviously as there was a spam email sending spree this is far more unlikely!

Also might be an idea to investigate how it might have happened... Keylogger? Trojan? Login from public net? (very common) or direct attack on your account?

...Well you did ask for suggestions!


Personally I am extremely weary of email security and am constantly berating (in the nicest possible way :P) friends and family about leaving things that could potentially be a password database unsecured. (although now my mum is a bit overly cyber security aware lol)

Weary, wary or both?

[QUOTE=davieddy;212516]Weary, wary or both?[/QUOTE]

wary.