You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

AOL Passwords hacked from iPhone

I have had my AOL account for close to 15 years (since it's inception really). I've had a few problems wiht my password being hacked over the years, but nothing like what I'm going through now. I rarely check my email through their website - I use my iPhone 4S.


It all started when I was going through my AOL spam folder on my iPhone looking for a legitimate email from my lawyer. When I moved that message, it opened the next message (truly spam) that contained a link (and possibly an attachment...I don't remember). I NEVER open junk email on my phone, I usually just delete it. Next thing I know, my AOL account is sending rogue emails to every address I've got stored in my phone. It all happened in a 6 hour span. I changed my password, and updated it on my phone and thought all was good. Then I received an email from a friend that looked legit so I opened it. As soon as I did it, I knew it was a mistake, so the cycle started again. I've change my password at least three times since the second time and have used a random combination of letters (mix of upper and lower case), numbers and symbols 12 characters long, so I know it's not easy to hack, I keep having this problem daily unless I remove the account from my phone - in which case, everything is fine...the problem only seems to be present when I set up my account on my phone.


It seems like there's a keylogger or virus on my iPhone 4s. I've updated my OS, I've updated my computer, I've backed up my iPhone...what else can I do? Should I replace my iPhone, or delete my AOL account permanently and change to gmail? HELP!! I'm at my wits end and my friends are tired of getting strange emails from me!

iPhone 4S, iOS 7.1

Posted on Apr 14, 2014 8:15 PM

Reply
122 replies

Apr 18, 2014 8:53 AM in response to asuguy184

Another AOL user here with the same issue...all my contacts are receiving spam emails (fortuneately they dont appear to be originating from my account). One thing I noticed is that after some digging around I found a preference in my AOL settings that was allowing Facebook to have access to my contacts. It may or may not be related to this issue, but Im a bit put off that I never received a message along the way from AOL stating they'd be sharing this info.

Apr 18, 2014 4:55 PM in response to UniqueNY

gmail has excellent spam protection, and, if you use 2 step verification, is almost impossible to hack. 90% of the spam that I get from hacked accounts comes from AOL accounts. Including 2 accounts of people I knew who have been dead for a couple of years.


Yahoo recently implemented a new anti-spoofing "solution" called DMARC (do a web search if interested). The problem with it is it makes it impossible to participate in Internet listservs and other mailing lists that forward messages to list members. It DOES effectively stop spoofing your email address, but at a very high price.

Apr 19, 2014 8:00 AM in response to Lawrence Finch

Lawrence. Hello


Can you tell me if deleting my aol email address will stop the hackers from spoofing it. Its obvious they have my contact list from a past hack (I deleted it recently) and continue to spoof my address. I have had my aol address for many years and want to keep it but the amount of emails going out to my contacts is ridiculous.


So I am about to cancel the email address but was wondring if this would stop them.


Thanks for your help

Apr 19, 2014 8:12 AM in response to Douglazyxx

Canceling your AOL address will not stop them from spoofing it. They are using your AOL address as the "name" in the FROM field in their spam messages. There's no way to stop them once they have it. They could have even spoofed your AOL address without ever hacking your AOL account (although the fact that they have your contact list means that they DID hack it). Tjhey will tire of using it after a few days, however.


Note that this is not people actually sending spam emails. The spam email actually is coming from hacked computers running as robots in a network ("botnet"). Anti-spam services are designed to recognize botnets and block them, however, this takes a few days.

Apr 19, 2014 10:00 AM in response to asuguy184

Add me to the list of hacked aol account. Changed password and security question 20 times to random letters , numbers and symbols. Also deleted all my contacts but people from original contact list have been getting spammed 2-3x a day. I've never opened a spam email or clicked on any links for this to start happening. I've deleted aol mail from my iPhone , MacBook and iPad. I've emailed aol support and they say to follow their instructions of changing password/question.


This truly sounds like something happened on AOLs end and they have yet to make a statement about it.

Apr 19, 2014 10:06 AM in response to TwinCitiesJHawk

Please read the rest of the thread. Spammers can spoof your email address even if they never hacked your account. If they have your contacts they did hack your account, but changing the password will not stop them from spoofing your AOL screen name and sending from a different, non-AOL email server. If you look at the raw source of the spam messages you will see that after the first round they were not sent from AOL's server.


I believe that AOL had a security lapse that they are not admitting to, based on the number of AOL accounts that have spammed me in the past week. It has nothing to do with iPhones, BTW.

Apr 19, 2014 10:08 AM in response to TwinCitiesJHawk

Yes I too believe this is an AOL problem.....i am gonna apologize profusely to my contacts when possible but I am going to wait this out in an attempt to save my 20 year old email address. You cant even get through to AOL anymore and I even am using a secret backdoor phone number for them. This *****. I wish they would send those affected a note letting us know its being worked on and when we can expect some progress. Thanks everyone....glad I found this thread

Apr 19, 2014 6:05 PM in response to Carvinginnyc

I am glad I found this thread too. This has just been nuts. This is the only time EVER I have had been hacked. I have had my aol address since 1994 and we are military, so we move all the time. It's the one way I know people can find us. But if they block my address becuase I am spamming them, that defeats the purpoes of the address. UGH! My husband figured out that the ip address of the spammers is in Madagascar and Budapest. The spam is sent once every 24 hours at different times and it started on April 14, although they may have tried April 4. I have a macbook pro, an iphone and an ipad. Oddly the other AOL address I have had almost as long has not been compromised - yet. Glad to know this isn't Apple related.

Apr 19, 2014 7:04 PM in response to Lawrence Finch

I think you're correct.

I have 2 AOL usernames/accounts, the one which was spoofed today happens to be one I dont use as often, is NOT linked to my i-phone/never checked on my i-phone, has a unique password not used on any other site, and is not connected to Facebook which I do not use. I only check this email on my own secure internet connection and always through aol.com webmail.

I know it was spoofed as it's sending the emails with the from 'name' as my email username and not as my real name that should appear/is associated with the account. It seems obvious to me this is an AOL problem. I have changed my password and deleted my contact list, I hope it doesnt happen to me again.

Apr 19, 2014 7:22 PM in response to Lawrence Finch

Lawrence Finch wrote:


AOL claims they were not vulnerable to heartbleed. I don't believe them.

I can't find a single test site that reports them as vulnerable to include a couple that claim to have the ability to test sites before Heartbleed was announced.


AOL does use Akamai as a Content Distribution Network (CDN), as seemingly most every large networking company does, and they were vulnerable for a long time. I just don't know that a CDN would ever have user login credentials.

AOL Passwords hacked from iPhone

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.