AOL Passwords hacked from iPhone

There is no known malware capable of infecting an iPhone, unless it has been jailbroken. Assuming you haven't done that, this problem is not due to any kind of malware on the phone. Opening e-mail messages is not dangerous at all.

Someone has hacked your AOL account remotely at least once. Changing your password was the right response, but perhaps you chose a weak password and they hacked you again. Change your password again, and make sure that it's a strong password - at least 8 characters, preferably more, with a mix of upper- and lowercase letters, numbers and even some symbols. Do not make it something predictable.

Also, you need to closely examine all the settings on your AOL account. Some accounts have settings that can weaken security. I'm unfamiliar with AOL, but as an example, GMail has a setting to allow other people access to an account through delegation, and hackers have been known to use this to maintain access even after the password has been changed. Have a talk with AOL support about security, and how you can make sure your account is secure.

One other possibility is that the hackers are simply spoofing your e-mail address. At this point, they have your address and all your contacts, due to their hacking of your account earlier. They could make it look like e-mail is coming from you, by faking your address on the From line, without actually having access to your account. There's not much you can do about that except warn all your contacts and wait for them to stop.

I had the same problem here. Unfortunately I had to remove my email from my iphone. I've never been hacked before and aol threatened to lock my account as if I sent those emails. I have the same email address forever so that's more important to me than the iphone. Now everyone wonders why I don't get and answer emails in a timely manner, thank you apple. My next phone will have email access. Good luck

The only way you could have compromised your passwords is if you retrieved AOL email using a public WiFi that was not secured, such as at Starbucks. That's not a phone problem, that's a lack of common sense problem.

I'm sure Verizon's 3G network is secure.

However, I've seen several reports recently of AOL accounts that were hacked. After the initial hack was fixed by changing the password the account appeared to continue to send spam using the AOL address. However, a careful examination of the email headers showed that the "From" field in the messages was spoofed, and the messages were actually coming from a different ISP. So if you can, check the raw headers in some of the messages that were supposedly sent by you.

Note also the "Heartbleed" vulnerability, which may have also caught AOL (they haven't said either way). It certainly caught Yahoo. This exploit was described by Bruce Schneier as "on a scale of 1 to 10, this is an 11".

Yeah, Lawernce is right. My friends kept telling me my AOL account was spamming them, but when I checked sent mail i didn't see anything. So I changed my password and asked a friend to forward me one of the spam emails that originated from my AOL account. It was clearly my address book being used, but when I checked the header what appeared to be my email was actually "inoue@prodigium.jp" In a way, it's nice to know that my account is actually secured (for now), but in a way it's kinda worse. Before when my email was hacked I could just change the password and that stopped the spamming. Now that they copied my address book, and are sending from an address that 'looks' as if it's mine, there is nothing I can do to stop it.... tricky internet devils....

verything seems fine after the password is changed until the account is added to Mail app on my iPhone. Then within anywhere from 3-10 hours afterwards, I get all this returned mail.

I can't say what's going on there without getting my hands on your stuff and doing tests, which obviously isn't possible. However, I can tell you for sure that there's no way this is malware, unless your phone is jailbroken.

Jailbreaking is hacking your phone to allow it to run apps that didn't come from the App Store. If you did that, you removed all security from the phone, and it's possible you could be infected with something.

One thing to think about... has anyone untrusted had unsupervised physical access to your phone? It's possible that it could have been hacked under such conditions (physical access is required), and some kind of keylogging software installed.

In all, it would require some very specific circumstances for your phone to be the problem.

I've pretty much decided to just close the account since that seems like the next logical move.

That's probably what I would do. AOL has been struggling to maintain relevance in a post-modem world, and they're not doing a very good job of it. I used to be an advocate of AOL "back in the day," when expectations were different, but I ditched AOL a long time ago. They just stopped being able to do what I needed to do.

If you want to stick it out with AOL a little longer, when was the last time you tried changing your password? It would not surprise me at all if their servers were affected by the Heartbleed bug, and if they were a bit slow to fix it. (I would hope they've fixed it by now, but you never know, and most companies are being oddly close-mouthed about this.)

My AOL account has been hacked too. It seems to happen from my iPhone or iPad, too. I have now deleted my aol mail from both and have reset my password AGAIN (3rd time in 5 days). Oddly, one spamming occurred whole my phone was off, computer was off, but iPad was on. I'm suspecting that it may be coming from inside AOL. I agree that this Heartbleed virus maybe more serious than what AOL is letting on. I think their IMAP server wasn't as secure and that is the vulnerability. Hopefully, it'll get better. I'll be accessing it only from their webpage, and if this doesn't improve on a week, they'll be ditched. And this email address is 20 years old.

I also have a 20 year old AOL account. I love the address; however, I've been hit with the same bogus use of my contacts. I called AOL and the tech person I spoke with said they had to remove my account from their server for a period of time and then bring it back with a new password. This, they said, would shake the problem off. We will see. Problem is people keep sending back the "Hey, did you send me this" return. Thus, if the problem originates from email, it perpetuates with folks returning it. I am unsure if the problem is solved (action taken on 4/15/14). Merely changing passwords will not solve the problem. It does reside on AOL servers. They said it came to the server via me.......

My aol email acct also has been hacked repeatedly over the last 10 days and also its an almost 20 yr old acct.I have I pad, android samsung 3 phone and windows pc.....changed my pw, did virus scans on all my devices and 2 days later it would happen again. this happened 4 times. very frustrating as I have always been good at stopping attacks before.... emails were sent out to my contact list. only way I knew about it was my friends would ask If I seent them something and my inbox would get a few undeliverable mail returns. when I check my sent folder, nothing suspicious showed up. Called security at aol and they shut down my acct from their end today and gave me a new password....so I am scanning my pc once again, sigh....now I guess I wait and see........does anyone have an ultimate solution? I really dont want to cancel my acct. my whole life is involved with it. Thanks

I'm willing to bet that your account was hacked once and your contact list was taken. After you changed the password the spammers continued to send messages spoofing your address, but actually from other email servers. If you get copies of some of the messages and look at the raw message format you will find that your AOL address is in the FROM field as a name, but the actual email address will be different and the outgoing mail server will not be AOL.

I've seen a huge number of AOL accounts sending spam recently. While AOL isn't admitting anything I'm pretty sure they were hacked in a major way.

My AOL account has been hacked repeatedly last 10 days, too. But I am not using I-phone. (I have Samsung Galaxy 5) I have kept changing my password, but it has been hacked continously. As everyone said, I never had this bad experience for the last 15 years since I used AOL. I deleted all the contacts a several days ago. But I just got another scam email from myself. So, I guess the hacker is taking the email addresses from the emails kept, not only from the address book. I did delete all the emails in this computer. I now want to close the AOL account. It is very annoying.

Same problem here. I've had at least 3 incidences of spoofing sent to multiple addresses from my old AOL address book (which I've now deleted and stopped auto adding new addresses to it). Nothing has cropped up in my Sent folder so I assume its spoofing but they definitely got my address book somehow.

I tend to agree with Lawrence - the problem probably lies with AOL itself and coincidentally started for me about the same time that news of Heartbleed broke.

Like others here my account is pretty old - at least 10 years and the thought of deleting it is daunting given the number of sites that send me stuff. However, I am considering setting up a new address and gradually migrating all my contacts and sites to that.

Another AOL user here with the same issue...all my contacts are receiving spam emails (fortuneately they dont appear to be originating from my account). One thing I noticed is that after some digging around I found a preference in my AOL settings that was allowing Facebook to have access to my contacts. It may or may not be related to this issue, but Im a bit put off that I never received a message along the way from AOL stating they'd be sharing this info.