In a statement this afternoon, AOL admitted that accounts had been compromised. What’s not clear yet is what has been compromised: is it the accounts themselves, or simply customers’ addresses and their address books? If the mysterious baddies have access to users’ accounts, they can send mail from those accounts and also have access to customers’ messages. If they have access to addresses and address books, then they can send out forged messages to someone’s regular correspondents that appear to come from that person, which makes recipients more likely to open a message and click on any links.
Either way, exercise caution: don’t click on any links provided in e-mails that you weren’t expecting, especially if they come from AOL users. (Not necessarily if they come from AOL users.) If you use AOL e-mail (we don’t judge) the company has information about how to tell if your account has been compromised. It’s probably a good idea to take this opportunity to change your password, since changing passwords is a good habit even if no one has been using your accounts illicitly.
Aol Mail Hacked With Spoofed Accounts Sending Spam [TechCrunch]
AOL confirms Mail service hacked [USA Today]