AOL Investigating Spam-Blasting Security Incident

AOL says that the company is investigating the recent torrent of junk mail that appeared to come from its customers, and unauthorized access to customers’ accounts by unknown baddies. While the good news is that customers’ payment information wasn’t breached, it’s still bad that their address books, passwords, answers to security questions, and their addresses may have been.

According to the company, the breach didn’t include encrypted information like passwords or the answers to security questions: that’s not how they accessed accounts. It appears that the hackers do have access to information that customers can see in plain text once logged into their account: security question responses, names, mailing addresses, and their e-mail contacts.

In recent weeks, a large number of messages that appear to come from AOL customers, but that are obviously spammy, have gone out into the virtual mailstream. Most of these messages went out to customers’ own contacts, though, so the question remains: how did hackers get access to their accounts?

For now, AOL is telling other mail providers to block mail that appears to come from AOL members but didn’t originate on the company’s servers. If you (or someone who sends you forwards of animated cartoon kittens) happen to be an AOL e-mail user, be sure to change your password and the answers to your security questions.

AOL Investigating Security Incident on Network [Wall Street Journal]