Yep, AOL Admits E-Mail Accounts Were Compromised

If you’re getting weird junk mail from your friends, colleagues, and grandparents who use AOL for their e-mail, you’re not alone. In the last day, many AOL users have reported that messages were sent under their names that they never approved. Were their accounts hacked? Should you be concerned? The answer to both questions is “maybe.”

In a statement this afternoon, AOL admitted that accounts had been compromised. What’s not clear yet is what has been compromised: is it the accounts themselves, or simply customers’ addresses and their address books? If the mysterious baddies have access to users’ accounts, they can send mail from those accounts and also have access to customers’ messages. If they have access to addresses and address books, then they can send out forged messages to someone’s regular correspondents that appear to come from that person, which makes recipients more likely to open a message and click on any links.

Either way, exercise caution: don’t click on any links provided in e-mails that you weren’t expecting, especially if they come from AOL users. (Not necessarily if they come from AOL users.) If you use AOL e-mail (we don’t judge) the company has information about how to tell if your account has been compromised. It’s probably a good idea to take this opportunity to change your password, since changing passwords is a good habit even if no one has been using your accounts illicitly.

Aol Mail Hacked With Spoofed Accounts Sending Spam [TechCrunch]
AOL confirms Mail service hacked [USA Today]