AOL Account Hacked

[ATH]

Quote:

Originally Posted by Xyzzy

PS - Your password (12345) was probably a bit too short.

1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!

[xilman]

Quote:

Originally Posted by ATH

1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!

Your luggage is much more secure than mine, then. There's only four digits on my case 8-(

Paul

[ewmayer]

Quote:

Originally Posted by Uncwilly

He did change the default password. It is now password1.

Actually, it's "mypass" ... you're thinking of my online banking account. ;)

Thanks for the suggestions, all - I'll start culling my online address book in the coming days, to at least give would-be intruders fewer spam targets in future.

In the meantime, no new outgoing spams in the past 24 hours, so fingers crossed that the password reset locked the intruder out.

[Flatlander]

Quote:

Originally Posted by henryzz

Yes, but they also cost money.
What my family does is we pay for(for 3 pounds a year i think) a domain name with which we redirect emails to wherever we want. We have changed email provider many times when we have had problems or changed ISP and havn't changed email address.

Same here. Then when I sign up for something I create a new redirect specifically for that website. If I start getting spam I know where the leak was and can just delete/change that address.

[davieddy]

Anyone is welcome to attempt to assume my identity.

3 guesses what my password is.

Hint: This purports to be a maths forum.

Jamie Blandford

David (oops)

http://www.youtube.com/watch?v=OmOe27SJ3Yc

[ATH]

Quote:

Originally Posted by ATH

1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!

6:17 - 6:50:
http://www.youtube.com/watch?v=AcY090XV284

[Batalov]

Quote:

Originally Posted by Xyzzy

PS - Your password (12345) was probably a bit too short.

And the answer to your security question - "I met my significant other in Wasilla, AK" was a bit too obvious.

[joblack]

Quote:

Originally Posted by ewmayer

It looks like someone hacked my AOL account and sent spam to all my address-book contacts, around 1:45 PDT this morning. Apologies to those of you who got garbage-mail alleging to be from me as a result.

Since I use the free webmail service, AOL customer service has been utterly unhelpful ... I changed my password, not sure what else I can do short of closing the account. (Which I don't want to do, since it's been my personal e-mail for many years and is in so many links and contact-me settings for me.

I'm pretty certain this was direct hack of my account in terms of accessing the address book stored on the AOL server(s) - if it were a virus infecting my work PC I would've expected it to grab address from my outlook contacts, but all of the ones used are stored on the AOL server and many don't exist in my Outlook contacts. My 2 home PCs are only connected to the internet extremely infrequently, since I am rigorous about keeping the internet out of my weekends.

Any suggestions as to what-else-to-do are appreciated. I looked for any account options that would allow send restrictions, no luck. Parental controls? Couldn't log in - probably another paid-subscriber-only feature.

!#%^%@#$#@$ spammers...

-E

The solution is quite simple: Don't use AOL.

[davieddy]

Recently I have got several messages from postmaster@mail.hotmail.com
informing me that the recipient of the email (I didn't send) was unknown.

I smell a rat somewhere.

Have I got bird flue or swine fever?
Or is an oil slick less newsworthy than a failed car bomb in Times Square?

David

[mdettweiler]

Quote:

Originally Posted by davieddy

Recently I have got several messages from postmaster@mail.hotmail.com
informing me that the recipient of the email (I didn't send) was unknown.

I smell a rat somewhere.

Have I got bird flue or swine fever?
Or is an oil slick less newsworthy than a failed car bomb in Times Square?

David

Quite commonly, spammers will use email addresses picked from their harvested lists in the From: fields of spam--thereby ensuring that the emails come from a valid address (therefore defeating some rudimentary screening methods), and also serving to divert the attention of less computer-savvy folks (who are unaware of how easily a From: field can be forged) to the wrong target.

Many MX servers (SMTP servers that accept incoming mail to a domain) will flat-out reject an email to a nonexistent account, thus allowing the sending SMTP server (in this case the spammer's mailer) to know right away that the address it tried is invalid and give up. However, others will accept the email without checking it, and then check the address's validity afterwards. If it turns out to be bad, it sends a bounce email--referred to technically as a delayed bounce--back to the address listed in the From: field on the message. Of course, this means that if the From: address is forged, the innocent holder of that address (in this case you) will receive the bounce message. From what I've seen in the past Hotmail does participate in this not-ideal practice of sending delayed bounces, so that would be consistent with the bounces you got.

Note that this is not to be confused with the bounce messages you normally get from an ISP's mail server: those are just relay servers between your computer and the destination MX server, and therefore cannot check the address's validity themselves (unless the recipient's entire domain is nonexistent, in which case they'll usually reject the message flat-out producing an appropriate error dialog box in the sender's mail client). They have to first accept the message for relaying, then try to send it to the destination MX--and if that rejects the message, it will return a bounce to the sender. Note that if the destination MX does delayed bounces, as described above, then the ISP relay server (now in the place of the spammer in my earlier example) has no idea the message didn't go through and therefore you don't get a bounce from them, but rather from the MX.

So, to summarize: if you're receiving bounces of messages you didn't send, it doesn't mean someone's hacked into your account. What's much more likely is that you're on the mailing list of some spammer who's forging emails in your name.

[Batalov]

Quote:

Originally Posted by mdettweiler

...it sends a bounce email--referred to technically as a delayed bounce--back to the address listed in the From: field on the message. Of course, this means that if the From: address is forged, the innocent holder of that address (in this case you) will receive the bounce message.

Indeed, over one weekend in April 2008, my email at the company received ~1.3 million bounces (sic!): they started arriving early Saturday and poured steadily over two days from every country in the world. Thousands out of the million crept through the spam filter, so even the filtered box was all aflame. Sad, but true story. Needless to say, first thing on Monday, that email had to be invalidated and I was given another one. (I've taken a small cross-analysis of pre-bouncing original accounts -- they, too, were from all over the world. Some worm used my email for "From:" - in a bundle of thousands others. The worm was apparently spread and activated on that April Saturday morning.)

Aftermath: there are probably some corners of the world where my name is still synonymous with certain ED remedies. Or hopefully not. And never again I registered to any conferences with anything other than a single-use throw-away yahoo account.