AOL Passwords hacked from iPhone

Hi Lawrence,

Not jailbroken or tampered with in anyway.

N

That's one thing I am curious about, whether it has anything specific with Mac or iOS devices. Admittedly, this is probably the wrong site to manifest that curiousity.

I'm assuming it's not, based on the what seems broadness of the spoofing. But it has to originate somewhere or somehow, right?

I'm just adding a post because misery loves company. My account has been sending "hi News" emails for 5 days now. Nothing makes a difference - even deleting my contacts. I called AOL and they reset my password and said they could mask my account from spammers. More emails were sent 7 hours after my call to them. They also suggested I give them my credit card number so I can pay for more security. I've had this account for 20 years this month!

One other thing to note is that I don't have any Apple products. I found this forum googling to see if anyone else was having this problem with AOL. I use a PC and Samsung Galaxy phone but it's got me just the same.

Yes and I am miserable too. I have wasted hours changing passwords, scouring sites for advice and doing endless malware scans on my computer. It seems many of us are long time members of AOL - is this just coincidence?

Someone definitely got my contacts somehow, there are too many very specific addresses that I am getting bounced back. Addresses from YEARS ago. Twitter - that's a good idea!

Thank you to everyone. After going 20 years without having anything like this happen - this is really disconcerting. It is nice to know it's not just me.

This is happening to my niece's aol account right now with all the same behaviors listed by other members of this thread -- "News" as the subject line, etc.

BUT, I also received a group txt message from her this morning that was sent out to several of her contacts. These are old contacts she hasn't been in touch with in years -- schools she texted when applying to colleges, etc.

What I understand...

1.) There is notthing we can be done about spoofing her email address

2.) She needs to change the password on her aol email address to prevent further spamming from that account.

What I still DON'T understand

1.) Most importanly, what does she do about the hacking of her text (SMS) messages to prevent further issues? AT&T has been absolutely NO help and I can't find any good advice on this. (Her phone is an iPhone4s was bought from Apple and is not jailbroken) Is this sms breach related to the aol breach? She has all of her email accounts (aol, gmail, college) set up via her iphone. So far she has done nothing to address the texts.

2.) She doesn't use the aol email address much, if at all. Would closing the account help. If so, is there a right way to do this?

3.) I've seen comments on other threads about reinstalling iPhone software/system. How do we know if that is necessary? How would we do this if it is necessary?

4.) She wants to continue to be able to access her email (gmail and college) from her iPhone. Are you recommending that she not do this? She used wifi at school, home, etc. That would significantly impact the value of the phone for her.

It also happened to me, starting this morning. By now people have gotten two spam mails so far.

I am also a long time user with 16 years.

People won't stop asking me, why I send them ads for diet products. I wish AOL had taken better care of their user's accounts' security.

If spoofing won't stop in a few days, I will have no choice but to chance to Gmail or Gmx.

Apparently also Yahoo accounts are affected. AOL and Yahoo are both relicts of bygone times. Everyone always told me, but up till now I had no problems at all.

kelbee wrote:

What I understand...

1.) There is notthing we can be done about spoofing her email address

2.) She needs to change the password on her aol email address to prevent further spamming from that account.

This will not prevent further spamming from spoofs of her account. It will only prevent spamming through AOL's servers. A fact of life in the email world is that you can put anything you want in the FROM field of an email; there is no checking done on it. So I could put her email address (if I knew it) in the FROM field and send it from my email account and it would look like it came from her (until you examined the message headers, which most people don't bother to do).

What I still DON'T understand

1.) Most importanly, what does she do about the hacking of her text (SMS) messages to prevent further issues? AT&T has been absolutely NO help and I can't find any good advice on this. (Her phone is an iPhone4s was bought from Apple and is not jailbroken) Is this sms breach related to the aol breach? She has all of her email accounts (aol, gmail, college) set up via her iphone. So far she has done nothing to address the texts.

It is not possible to spoof true SMS, but you can spoof iMessage. So if her AOL address is one of the listed addresses in settings/messages then it could be spoofed. You can fix this by dis-associating her AOL address from her Apple ID account.

You can also send SMS from web sites. When you do you the SMS header will not contain her phone number, but may be her AOL email if the account was hacked.

It will stop in a few days when SpamAssassin figures out what is going on and how to identify the spoofed messages.

I think we're all long term AOL members [14+ years myself] because no one signs up for aol email accounts anymore! my contact list was definitely taken as the spam emails [the same "Fw: news" subject line] cc 20 of my contacts who are unique to the business I used that email account to be in touch with.

My account has not been affected. I have had an AOL account for 21 years (I was a Community Leader in the early days), but it's been 2 years since I logged in. I just logged in to check, and I had over 1,000 emails, all but one of them spam. To be safe I just changed my password.

Lawrence Finch wrote:

I have had an AOL account for 21 years

I wonder if I match that? My AOL account was a result of the takeover of Compuserve...?

Indirectly. I was a sysop on CS and became CL on AOL. So my AOL account was not a result of the takeover, but my role was.

1.) Most importanly, what does she do about the hacking of her text (SMS) messages to prevent further issues?

That is a completely separate issue, unrelated to AOL. Even if her AOL address is used as an Apple ID, and it's iMessage and not SMS messages that are being sent, that's still a separate issue, as that would be an Apple ID problem that may or may not have grown out of the hacking of her AOL address. You should start a different topic to address that issue.

2.) She doesn't use the aol email address much, if at all. Would closing the account help. If so, is there a right way to do this?

http://help.aol.com/help/microsites/microsite.do?cmd=displayKC&docType=kc&extern alId=12166

3.) I've seen comments on other threads about reinstalling iPhone software/system. How do we know if that is necessary? How would we do this if it is necessary?

It is not necessary. However, if it ever should be, you would restore it to factory settings:

http://support.apple.com/kb/ht1414

4.) She wants to continue to be able to access her email (gmail and college) from her iPhone. Are you recommending that she not do this?

There is no reason not to continue using her e-mail on her phone. She just needs to exercise the same caution that she should when checking e-mail on any device... specifically, she needs to be aware that when checking mail on an open wifi network, her e-mail messages can be intercepted and read by anyone on that same network who has the right software, and if she's not connecting via SSL, her password may be transmitted in clear-text (and, thus, interceptable) as well. (In the account settings, tap the Advanced button and make sure that Use SSL is turned on. Also turn the same setting on in the SMTP server settings.)

Coo. Doesn't time fly?! :-)