AOL Passwords hacked from iPhone

mefff wrote:

They provided an answer in one of their blogs:

http://blog.aol.com/2014/04/22/aol-mail-takes-action-against-email-spoofing

Yes, they took the nuclear option to solve the problem that THEY WERE HACKED.

What this means is that you will not longer be able to use your AOL account to post to a mailing list or listserv, because this change means that a message you send to a list that leaves your email in the FROM field will be blocked. Yahoo did this a couple of weeks ago, and it essentially caused all Yahoo email accounts to be banned from most listservs. AOL now joins their company.

From AOL's blog, they don't address or acknowledge that the users contacts have been compromised. I think for most of us effected, that's the part that we worry about (and as Brian Alvey's blog describes).

Slightly annoying.

AOL seems to be telling two different stories. I've seen a news story where AOL apparently admitted they had been hacked, but the announcement on their blog seems to push off any responsibility and call it spoofing. Sad.

Unfortunately the problem has not abated for me. I am still receiving returned mail from the spoofing. AOL has attempted to fix it but appears to be dodging full responsibility. We are all aware now that THEIR computers were hacked and our address books stolen.

Good luck.

I found it can take a few days for undelivered messages to fully work themselves out - sometimes they make several attempts to send before giving up.

Mine has gone quiet.

I agree AOL were indeed hacked and our address books taken.

SMFUser wrote:

Unfortunately the problem has not abated for me. I am still receiving returned mail from the spoofing.

That's actually good news. It means the AOL actions are having an effect and that mail sent with your name faked as the From: address are not being accepted. It's actually up to the delivery ISP to enforce the rules, so some will undoubtedly continue to get through, but once the spammers realize that it's no longer working as well as it used to then all the aol.com addresses will come off the list of valid addresses.

AOL has attempted to fix it but appears to be dodging full responsibility.

The articles I've been reading say this is only a first step for AOL and that they are continuing to investingate the hack. For those of you that have already had your address and contacts harvested, there isn't anything AOL can do to help you, but hopefully they can find and fix the issue for others who have not yet been impacted.

thomas_r. wrote:

AOL seems to be telling two different stories.

I believe that's because it is two different stories. At least one article on this quoted AOL as saying they were continuing to investigate the hack, so it doesn't sound like they have a root cause yet. In any case, that won't help anybody here who has already had their information harvested and sold to probably multiple spammer gangs. But they still need to fix it so others won't suffer the issue.

The actions announced today will help users here who don't want their names associated with spam, especially when it involves their contacts. It's the only thing that I know of that AOL can do to slow the flood. I believe they did something similar many years ago, but stopped when list operators complained that AOL users were unable to participate. I've checked and it looks like it will impact every mail list I participate in, but not me as I don't use my AOL address for any of them.

MadMacs0 wrote:

I've checked and it looks like it will impact every mail list I participate in, but not me as I don't use my AOL address for any of them.

There are some workarounds for lists, but they require listservers to violate email standards. L-Soft is releasing an update today that will rewrite the FROM field to show the list address, a clear violation of RFCs, but it will get around the DMARC reject. The mailman team is still discussing options and has several similar fixes being contemplated. L-Soft's solution won't help many smaller list sites that cannot afford to update their maintenance. So many lists are simply banning AOL and Yahoo addresses from posting.

Sorry to say me too!!! Misery loves company. Sending out "News" emails to all of my aol contacts. Started April 18th ish.

All the talk about hacked iphone or something I/we did please dont say that. Consider myself very adept at avoiding hack/virus spam, and always super careful. My iphone is as was purchased.

I have traced it being logging into my aol e-mail through my iphone. Changed the password several times, and it continued to send. But I reentered new password under my aol iphone email. My "news" emails would go out once every 24 hours, 6:34 am for me. When I didnt update new password on iphone, email do not get sent. Since I have had my aol for 20 years l plan on keeping and hope for a fix. Since its not within my aol on desktop or ipad, can still use aol there. Note, that I have gmail and several work emails logged into on iphone, all otheres unefected.

Apparently other phone users besides iphone having same issue with aol mail.

I have yet to reinstall new iphone software to phone, was wondering if any tried or had any success??

But its my humble opinion the virus lies between (or within) the aol email account logged into a phone. Changing aol password uneffective. So believe its a problem for both cell software and aol email, and their interactions.

Please post any successful solutions other than deleting aol mail from iphone

The opinion of the email experts groups that I interact with are absolutely certain it has nothing to do with iPhones. First, the messages do not originate at AOL; they come from other servers and spoof the AOL address. Second, many of the AOL addresses that are sending spam don't own iPhones. And two of the ones that I have gotten spam from are users who have been dead over 2 years.

AOL has as much as acknowledged (in a weasel-worded way) that the ultimate source of the spam was a break-in to AOL's mail servers; it wasn't even hacked accounts. Hackers stole contact lists and screen names (not even passwords), and then shipped those contact lists and screen names to a botnet that generated the spam, forging the AOL email address. This is really obvious if you look at the raw message source; none of the messages come from an AOL mail server; they all come from an assortment of computers, mostly in Eastern Europe.

Lawrence Finch wrote:

none of the messages come from an AOL mail server; they all come from an assortment of computers, mostly in Eastern Europe.

That's exactly what my analysis has revealed. This is the work of a professional Spam network, either unsuspecting botnet computers or "stay at home moms" who responded to a work from home ad and are now paid to send pre-formatted spam messages to a list of aol.com user names and contacts they were provided with.

@Carvinginnyc

because i have numerous email addresses and my AOL one that was spoofed sent the spam message to some of my other accts which showed the time+date sent which was close to the time I received. My spoofed email continues to receive bounceback/delayed notifications from the spam sent earlier this week but I am hoping no more are being sent out.

My mac addess book was hacked and spam sent to everyone there and in an old AOL address book ten days ago. I received another iCloud Customer Care email that caused my original meltdown. I don't know but I believe they originally got in through AOL which linked my Mac as a backup address--some returned email were from ancient addresses that had only been in my AOL account.

When that first email came I made another fatal mistake and clicked on the message that looked legit (before morning coffee) which allowed them in. It took over my computer whirring away erasing my entire email address book and began deleting all my email files. I stopped it when I hit spam and/or changed my password. Was able to save most everything through Time Machine and Apple iCloud.

I thought all was well (besides about a half dozen friends who actually believed I was in Ukraine and needed help) but this morning (almost 2 weeks later) another email came that is identical looking to the ones before that took over. No I didn't click on it.

The only thing I want to add is that the return email was to a yahoo account (which I don't have) and when one contact wrote back to that address, the hackers corresponded twice and wanted money wired to me at an address in Ukraine.

I just received a new spoof message sent from the same AOL address that was hacked before, sent to people in my address book (including another address of mine).

It appears from reading the header the authentication of my address as sender was somehow fooled - although I am no expert in reading these things.

If anyone is interested I can post the header but this is worrying if it is a loophole in the DMARC system?

It was inevitable that spammers would find a way around DMARC. If you check closely you will see that it is only the screen name in the FROM field, no @aol.com. There is a different non-AOL email address.

There's a lively discussion of this in the DMARC listserv.