AOL Passwords hacked from iPhone

Yes...exactly....

Hi!

News: then a link here

Then it uses my emall address as a signature........that is not my normal signature

None of these sent emails show up in my sent folder either

It is sending emails out 3 or 4 times a day

I did get thru to aol 5 or 6 days ago and they made me change my password and security question....I have since changed both 4 or 5 times and then gave up......it does nothing......deleting our accts won't stop it.....my password is currently 16 characters long....capitals, reg letters, symbols, complete gibberish so no one can guess it. Aol phone lines have been jammed up ever since and I get no response to emails or anything from them. My acct is 18 years old.....I sure wish they would fix this for us.....I don't think any of us did anything....they have to know these emails are being sent out....I am so friggin tired of apologizing to people.

Carvinginnyc wrote:

None of these sent emails show up in my sent folder either

That's a good sign, but the best hackers will take the time to delete them before they leave your account to cover the fact that it's being used.

Still, chances are good that it's not coming from your account. You should be able to figure out where it's coming from by submitting the original message with headers, not a bounce report, to Spamcop for analysis.

OK, I finally got one of these supposedly from mwk0f84049q2z68[at]aol.com and the authenticated sender is actually srnka[at]mirror-promotion.cz but even that address appears to have been forged.

You can see the SpamCop analysis here.

It is strangely reassuring to see lots of other people with the same issue. Two of my families aol accounts were hacked, and contacts copied, with 'News' spam starting on the 19th April.

Nothing in the sent box.

Changed passwords and security questions, spoke to aol etc...but that is like shutting the stable door after the horse has bolted. They said normally 3 to 4 days before they bring it under control.

It's even possible that your account was never hacked.

Suppose the account of someone you know was hacked, and their contact list was acquired. The hackers could then use every address in that list as both a FROM address and a target address for their spam. As I assume this is someone you know it's likely that there's a lot of overlap between your contacts and theirs.

So it might appear that you were hacked when you were not.

I have same 'News' spam originating from my email today 03.15 (UK time).

And the email appears in the 'Sent' box on just one of my three email devices.

That is my iphone. And it is only sent to people I have sent emails to from that phone.

I have changed password on email but to me it appears it might be linked to my iphone.

Any thoughts?

I've the same issue with an IMac and a macbook.....100 miles apart. There is nothing in either sent box, but lots of undeliverable messages.

Looks to me that AOL has been breached strategically, and lots of people have lost their contact lists simultaneously. The AOL customer service and aoilmail twitter pages are a little 'busy' with this issue.

Happened to me too. AOL has proven to be a disaster in handing this. I was on hold for close to an hour yesterday and all they told me was that their tech team is working on it. They've received calls about nothing except the hacking and spoofing going on.

That's one thing I am curious about, whether it has anything specific with Mac or iOS devices. Admittedly, this is probably the wrong site to manifest that curiousity.

I'm assuming it's not, based on the what seems broadness of the spoofing. But it has to originate somewhere or somehow, right?

I'm just adding a post because misery loves company. My account has been sending "hi News" emails for 5 days now. Nothing makes a difference - even deleting my contacts. I called AOL and they reset my password and said they could mask my account from spammers. More emails were sent 7 hours after my call to them. They also suggested I give them my credit card number so I can pay for more security. I've had this account for 20 years this month!

One other thing to note is that I don't have any Apple products. I found this forum googling to see if anyone else was having this problem with AOL. I use a PC and Samsung Galaxy phone but it's got me just the same.

Yes and I am miserable too. I have wasted hours changing passwords, scouring sites for advice and doing endless malware scans on my computer. It seems many of us are long time members of AOL - is this just coincidence?

Someone definitely got my contacts somehow, there are too many very specific addresses that I am getting bounced back. Addresses from YEARS ago. Twitter - that's a good idea!

Thank you to everyone. After going 20 years without having anything like this happen - this is really disconcerting. It is nice to know it's not just me.

This is happening to my niece's aol account right now with all the same behaviors listed by other members of this thread -- "News" as the subject line, etc.

BUT, I also received a group txt message from her this morning that was sent out to several of her contacts. These are old contacts she hasn't been in touch with in years -- schools she texted when applying to colleges, etc.

What I understand...

1.) There is notthing we can be done about spoofing her email address

2.) She needs to change the password on her aol email address to prevent further spamming from that account.

What I still DON'T understand

1.) Most importanly, what does she do about the hacking of her text (SMS) messages to prevent further issues? AT&T has been absolutely NO help and I can't find any good advice on this. (Her phone is an iPhone4s was bought from Apple and is not jailbroken) Is this sms breach related to the aol breach? She has all of her email accounts (aol, gmail, college) set up via her iphone. So far she has done nothing to address the texts.

2.) She doesn't use the aol email address much, if at all. Would closing the account help. If so, is there a right way to do this?

3.) I've seen comments on other threads about reinstalling iPhone software/system. How do we know if that is necessary? How would we do this if it is necessary?

4.) She wants to continue to be able to access her email (gmail and college) from her iPhone. Are you recommending that she not do this? She used wifi at school, home, etc. That would significantly impact the value of the phone for her.

It also happened to me, starting this morning. By now people have gotten two spam mails so far.

I am also a long time user with 16 years.

People won't stop asking me, why I send them ads for diet products. I wish AOL had taken better care of their user's accounts' security.

If spoofing won't stop in a few days, I will have no choice but to chance to Gmail or Gmx.

Apparently also Yahoo accounts are affected. AOL and Yahoo are both relicts of bygone times. Everyone always told me, but up till now I had no problems at all.

kelbee wrote:

What I understand...

1.) There is notthing we can be done about spoofing her email address

2.) She needs to change the password on her aol email address to prevent further spamming from that account.

This will not prevent further spamming from spoofs of her account. It will only prevent spamming through AOL's servers. A fact of life in the email world is that you can put anything you want in the FROM field of an email; there is no checking done on it. So I could put her email address (if I knew it) in the FROM field and send it from my email account and it would look like it came from her (until you examined the message headers, which most people don't bother to do).

What I still DON'T understand

1.) Most importanly, what does she do about the hacking of her text (SMS) messages to prevent further issues? AT&T has been absolutely NO help and I can't find any good advice on this. (Her phone is an iPhone4s was bought from Apple and is not jailbroken) Is this sms breach related to the aol breach? She has all of her email accounts (aol, gmail, college) set up via her iphone. So far she has done nothing to address the texts.

It is not possible to spoof true SMS, but you can spoof iMessage. So if her AOL address is one of the listed addresses in settings/messages then it could be spoofed. You can fix this by dis-associating her AOL address from her Apple ID account.

You can also send SMS from web sites. When you do you the SMS header will not contain her phone number, but may be her AOL email if the account was hacked.