Whether or not you use AOL, a recently exposed mass hack of the company’s network promises trouble for everybody.
Hackers stole “a significant number” of email addresses, passwords, contact lists, postal addresses and answers to security questions, the company said in a blog post Monday. Anyone of the company’s 120 million account holders might be affected. Judging by AOL’s description of the incident, that total number could well be in the tens of millions. But AOL isn’t giving any details about the incident for now.
Non-AOL users: Watch out for spam that looks like it came from you or your friends’ AOL accounts. Hackers are doing something called email spoofing, and it’s making it seem as if long-discarded AOL email accounts are back and sending spam. Emails appear to come from your friend’s email address because the “From:” field shows their email address. But this spam is actually coming from someone else. Hooligans know who to send spam to because they have your contact list.
Although the massive hack likely affected untold millions, AOL estimates only 2% of its email accounts are being spoofed so far. So far, AOL has only been able to redirect these spoofed emails into people’s junk mail folders. AOL is now asking that all users — current and former — change their credentials. It won’t stop spoofing, but it’ll limit any spillover damage from the larger data breach.
There’s little else you can do, but you can tell if your account has been targeted. If you’re getting “mailer daemon” error messages for emails you never sent, and they’re not in your email outbox? You’re being spoofed.
source: CNN Money