

AOL Security Update - tonymaupin
http://blog.aol.com/2014/04/28/aol-security-update/

======
simcop2387
Awesome. I reported this to them about a month ago when it happened to me. I
was up late one night with insomnia and the password to my nearly 20 year
old account popped into my head (It was a child account off my parents from
back in the 90s). The three people I emailed all of a sudden started getting
spam from me even after I had changed the password to something other than
what it had been for so long.

------
jamesbrennan
The term "encrypted password" and talk of "breaking" that encryption appears a
few times in the post - I guess AOL is another company storing user passwords
using reversible encryption rather than hashing them. That is concerning.

------
peter_l_downs
2% of all accounts? That's a LOT of email addresses. Also sounds like they
don't know how this is happening. I'm impressed that they put this up without
having found a solution or stopped the problem; that must be a pretty hard
move to make PR-wise.

~~~
tkmcc
Yep, it's been reported that around half a million users may be affected:
[http://www.tomsguide.com/us/aol-spam-data-breach,news-18703....](http://www.tomsguide.com/us/aol-spam-data-breach,news-18703.html)

------
dredmorbius
Several years ago my parents' AOL account (with a very poor password) was
compromised. This was a legacy account, now free, but which had previously
been a paid dialup account.

Attempts at recovery failed. Memory's a bit hazy, but whatever security
questions were in place, if any, didn't work. The credit card number that had
been used to pay the account was long-since forgotten.

Contacting AOL directly got nowhere.

The upshot was that we had to simply switch to a different account (and
service), change contact information, and hope that nothing critical might be
sent there inadvertently.

It does raise the issue that identity on the Internet is a difficult thing to
establish and prove, or even retain.

------
codezero
My mom was complaining that her friend had received spam that appeared to
originate from her AOL account about two weeks ago. I was worried my mom had
some malware, but this is a bit worse. Hopefully they follow up with some more
information about what account holders should do, if anything.

------
theboss
I got an AOL account when I was around 5 or 6. Now I'm finishing my master's
degree (this week... yay). It is interesting to wonder what these hackers could
get access to with password resets on users' legacy accounts.

------
swang
Haven't they been breached before? Sad.

------
guiambros
> _AOL's investigation is still underway, however, we have determined that
> there was unauthorized access to information regarding a significant number
> of user accounts. This information included AOL users' email addresses,
> postal addresses, address book contact information, encrypted passwords and
> encrypted answers ..., as well as certain employee information._

Here we go again.

