AOL Passwords hacked from iPhone

I think we're all long term AOL members [14+ years myself] because no one signs up for aol email accounts anymore! my contact list was definitely taken as the spam emails [the same "Fw: news" subject line] cc 20 of my contacts who are unique to the business I used that email account to be in touch with.

My account has not been affected. I have had an AOL account for 21 years (I was a Community Leader in the early days), but it's been 2 years since I logged in. I just logged in to check, and I had over 1,000 emails, all but one of them spam. To be safe I just changed my password.

In case anyone is interested - lots of talk on Twitter and AOL's FB about the issue. None of it addressed by AOL, but use #AOLHacked to help the issue get noticed. And thank you to the Level 7 users who have been supportive - even this is obviously NOT an apple issue.

Same thing happened to me. I too have about a 20 year AOL account. Weird thing is just got my first IPhone last week. Perhaps just a coincidence but I did use AOL email for apple ID. I use Outlook and never go to AOL directly for mail. The spam emails were going to people that I emailed maybe once years ago and didn't even have in my outlook contacts. I logged into AOL and found that AOL by default automatically sets up a contact for every person you ever send an email to. They keep them forever or until you get to 5000! I deleted all these contacts since I don't use AOL directly, then selected "options" in upper right corner and chose "Mail Settings". There I selected "Compose" tab on the left and under "Sending" at the bottom of the page, turned off the check which says "Automatically add email addresses to Contacts". I'm sure they probably have the whole AOL contact list and will continue to send stuff, but maybe this can limit damage for others.

I came across this post from Reuters in late February which specifically mentions breaches of AOL and others' secure credentials.

http://www.reuters.com/article/2014/02/25/us-cybercrime-databreach-idUSBREA1O20S 20140225

From reading these and other comments on Twitter etc. it does appear that long term users of AOL have been specifically hit for some reason.

Thank you, RobPicard, and thank you to ALL community members who have inserted enlightening comments in this discussion thread. It has been an eye-opener for me, to say the least. Forgive me for posting within this particular discussion, in light of the fact that I use an iPad rather than an iPhone, but my iOS is the same (7.1) and so I believe that what I have experienced is similar to the experiences of iPhone users here.

I am a long-time AOL email user (more than 20 years), and so far I do not think that my own email account has been hacked or even spoofed, but I am holding my breath (and worried) that it could happen to me, too. HOWEVER, that being said, I have also received multiple email messages within the past four or five days from a few OTHER users of AOL who just happen to have had MY email address stored in their own Contacts list. Yes, a number of my friends' accounts have seemingly been either hacked or spoofed, and I am receiving email from them which they did NOT send!!

As all of you have noted here... most offending email is Re: News (as subject line) and just contains one word in the message body: "Hi!" -- followed by a very SUSPICIOUS-looking link which I was wise enough NOT to click upon! The email was CC: to me, as well as to 19 other people. When I checked the source headers of the email, it showed me that the originating IP ADDRESS was from a location in Istanbul, Turkey!! (Not from an AOL server in the USA) To make matters EVEN WORSE, tragically one of my friends had passed away about three months ago, and it was unbelievably "creepy" to receive an email from his address -- like, receiving email from the afterlife. In fact, I got two emails from "him" just a few days apart -- one sent by an IP in Venezuela, and the 2nd one from an IP in Chile. This is exasperating!!! It appears that nothing can be done about this?

Same thing has happened to me. However I don't think the contacts are coming from AOL. I do not use AOL contacts. I think the contacts were taken from Icloud, as all my contacts are synced there. This started April 19 for me. Email spoofed, no mail coming from my AOL account. Have changed all my passwords and it is continuing. It appears that my whole contact list was somehow cloned. The spam is going to contacts that I have never sent an AOL e-mail to, contacts that I excusively use for my other e-mail account. The only place my contact lists come together is in Icloud, that is where my suspicion arises from. Additionaly the first round of spoofed mail went to people that I Imessage with.

This is an Apple community chat, and there are a lot of similarities with the comments. Is the common link Icloud?

I too have been compromised. Same spoof emails as reported here to my whole contact list. I am a 20+ year user as well. I know it is not iCloud because I do not use iCloud. You do not necessarily have to use AOL contacts to have and AOL contact address book. If your AOL is set to automatically add email addresses to the address book then you are in trouble.

I performed a full check of my desktop computer so I'm confident the hack had to occur somewhere else. Most likely at one of AOL servers as has been mentioned in this thread.

It seems like even if AOL can find and fix the hack it will be too little too late. The email addresses and address books have been stolen and there would be no way to stop the hacker from using the data. I hope I am wrong about this.

Good luck everyone.

FYI- Spoke with AOL. They confirmed that our individual AOL accounts have not been hacked. Thats why password changes do not make a difference. They know all about the problem and have been working on it for several days hoping to have it resolved shortly.

Personally, I still don't know how they can really fix it if hackers have our address books in their possession.

Looks like the blogs and news sites are starting to take notice.

http://techcrunch.com/2014/04/21/aol-mail-hacked-with-spoofed-accounts-sending-s pam/

http://www.latimes.com/business/technology/la-fi-tn-aol-hacked-email-phishing-tw itter-20140421,0,2040533.story#axzz2zZp3un43

I'm late to this, but my account was also hacked. One of my contacts who received spam from the account is convinced that it was caused by a key logger on my Mac.

I have tried to look at the headers to see whether the messages are spoofed, but when I click on 'View all headers' in AOL no window opens. Can anyone suggest how to solve that?

Ebrigade wrote:

I'm late to this, but my account was also hacked. One of my contacts who received spam from the account is convinced that it was caused by a key logger on my Mac.

I'd have to guess that contact is a Windows user where such things are common. Unless you've allowed physical access to your computer or granted shared access over your network you won't find any keyloggers.

I have tried to look at the headers to see whether the messages are spoofed, but when I click on 'View all headers' in AOL no window opens. Can anyone suggest how to solve that?

Usually you will start seeing delivery failure messages. Those moslty go to my junk mail.

It looks like it was the address books that were hacked/stolen and the user's address was spoofed to send the messages.

http://www.brianalvey.com/news/2014/04/21/aol-address-books-hacked/

For anyone who is based in the UK, worth being aware of that you can obtain a template letter to send to Aol from the Information Commissioner's website. If you are not satisfied with Aol's reponse you can then complain to the information commissioner. I'm about to post mine as I'm pretty sure Aol has a serious case to answer here. The more the merrier.

definitely admitting to the problem sooner would have been helpful. i tried looking for info for days, since these hacking events get to critical mass quickly, but it wasn't until i got to this discussion thread that some helpful information came about.

hopefully they'll send something out to email users directly and soon.