Your old AOL email address may be sending out spam

37 Comments

Usually, receiving an email from an AOL(s AOL) email address with a cryptic subject like “Hi” or “Fw: news” wouldn’t be too much of a concern, but you might want to not click on those links: there are multiple reports out Monday that old AOL accounts have been compromised and are sending out phishing spam.

Affected users are airing their complaints on the #aolhacked hashtag on Twitter. One user is complaining that phishing emails were sent to every single one of his 2,200 contacts. Some are simply seeing the phishing emails from others and tweeting about it. There are two users who are complaining that changing passwords and security questions are not stopping the rivers of spam coming from their accounts. Several affected users are longtime AOL subscribers with decades-old accounts.

I’ve received a few of the emails in question, and they generally look like this with a few different permutations:

From:XXXXXXXXXXX@aol.com
Date: Sun, Apr 20, 2014 at 8:25 AM
Subject: How are you?
To:

Hi!  

Have you already seen it?  http://XXXXXX.it/ik/breakingnews.php

 

I’ve reached out to AOL for a statement and will update if they respond. According to AOL’s help document on spoofing, if spam emails are found in the sent folder, that means that the account has been compromised.

In the meantime, the best course of action is to delete suspicious emails and check your old AOL account to make sure a bad actor isn’t sending out spam under your name. The emails aren’t the most sophisticated phishing attempts — there’s no call to action and the destination link does not look like a bank or internet service — but sometimes it’s hard not to click on an email from Grandma with the subject “How are you?”

Update 7PM EDT: AOL’s response is below:

AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints.We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely. Users can find the latest updates on our AOL Help site, and should contact us if they believe their account is being spoofed.

Update 5:05PM EDT 4/22/14: A few minutes ago, Aol sent over another statement. Although there is no mention of where the spoofers/spammers got the contacts from, Aol has acknowledged the problem and is taking steps to ameliorate its effects:

AOL Mail is immediately changing its policy to help mail providers reject email messages that are sent using forged AOL Mail addresses. 

This means that Aol has changed its DMARC policy to reject. This tells other mailbox providers to reject Aol email that doesn’t come from an Aol server. It also means that if you use an alternate provider to manage your AOL email address, emails may no longer reach the recipient’s inbox. You can read the entire statement on the Aol corporate blog.

Update 4/28/14: Aol has confirmed the security breach, noting that encrypted passwords and security questions and answers were exposed. More information is in our updated post.

 

 

37 Comments

Sandra

My AOL account was definitely hacked because these emails were sent from my account. There were over 1,000 in my sent folder, that I did not send and all on the same day and time. Even though I deleted all of them and those which were returned in my in box I also changed my password and security questions and proceeded to delete my entire contact list. Now though is my account safe. How about my folders of saved emails are those safe? I fear that those are compromised as well, but I don’t know.

Elaine

Is there anything at all to solve this please ? I’m the same rang aol and when reset security question it won’t work so frustrated thanks

Chris

Just because you don’t see emails in your outbox doesn’t really mean a lot. I have some apps on my phone that send from my AOL account, but they don’t show up in the outbox. Something with the ports. I use a bunch of non-AOL account too. AOL still has some useful features I can’t duplicate with other services. I can’t tell you how many times really smart people ask me to re-send emails they can’t find. I just forward the old email, with attachments, and its done. Thunderbird and Outlook are both weak. Stuff gets lost.

Stacy Kolb Reid

I thought I was the only one until I saw it on the news tonight, nothing like having a business and your customers think you are sending them spam…I lost many customers of that I’m sure…plus I got a lot of threats…”quit sending me your garbage, you sorry scum”, “send your crap somewhere else”…it made for a few miserable days until AOL blocked most of it on the 22nd

Marci Fahnestock

I was having the above problem for several weeks, with spam mail going out in my name and now I am getting a message that states, “An AOL session initiated by another user on this computer is still running. Please switch back to the other user account and close the AOL software. ” I have no other user on this computer and have gone to my task bar and closed out AOL from running, however, I can no longer sign in to AOL as the above message keeps popping up. You will not be able to get a message back to me, as I can not get to my account – it is a catch 20. gggrrrrrrrrrrrrr

Marci

Gatortag

Good luck shutting down the account. My dad passed away, and while we know his password, we don’t know his “favorite restaurant. So, we can’t change the password or delete the account. Unless we pay to upgrade, there is no way to contact AOL support – it is impossible to get past their automated call dispatching system without giving up a phone number or aol account name – and if it isn’t a premium account – they immediately shut you out of the call. Frigging Catch 22 ridiculous. In the meantime his account is spamming everyone and we can’t do anything about it. Does AOL wonder why they are about as well known as Lotus Symphony? Customer service assholes.

aol since 1997

This was the thanks I get for having an email with them since 1997…so many contacts over the years…and now I have contacts that have fallen in the hands of them wrong people because of this nightmare! When contacts were spammed, they got a list of my contacts!!

Dhruv Rawat

my email account was hacked few days ago .I went to local technician they were not able to fix the problem and now i called few min back to technical support executive on 8884514815.they fixed my email .now i can receive and send email and they told me my account hacked.hacker were from Nigeria trying to get my all information from my business and email account.

H

I am receiving them to my work email address which is used for confidential information. PLEASE find a way to fix this immediately. I’m receiving hundreds of them a week

me

just ditched a 20 year old aol acct bc this is happening. I hope it stops soon as the spam mails have been bothering people on my contact list for days now. I am closing the account but aol is taking forever to actually deactivate it sadly.

Dhruv Rawat

my email account was hacked few days ago .I went to local technician they were not able to fix the problem and now i called few min back to technical support executive on 8884514815.they fixed my email .now i can receive and send email and they told me my account hacked.hacker were from Nigeria trying to get my all information from my business and email account.

mortified AOL user

Same thing happening to me now, started Saturday night 4/19/14. I changed password and even deleted some of my contacts, but even the deleted contacts are still getting repeated emails from me, and to my mortification many are gullible enough to click on the link. From what I hear, it’s ads for weight loss that drop the names Oprah and Dr. Oz. I had trouble changing my password and had to call AOL. The 1 800 827 6364 number was useless but I got through on 1 855 622 4946 after a 75 minute wait on hold. Still, the problem is continuing and literally hundreds of bogus emails are going out under my name. Don’t know why the AOL servers can’t stop it. Glad to know it’s not just me, though. Thanks for your efforts.

aol since 1997

Lucky you! I tried getting a hold of aol three times by phone…first was disconnected, second time finally spoke to someone and then click disconnected…third time spoke to a representative who told me, “what do you want us to do for your free account?”…so I tried getting through on the internet through live chat…was 106 in the que…two and a half hours later, I was number 9 only to read “session ended”….game over!

Karen Strauss

I spoke with someone at AOL today finally – after repeated calls for 3 days.
They told me that the hacker was still in my account and even though I repeatedly changed my password and security questions – the hacker had access to my account since he was still in my account. The only way to solve this is to call AOL and get them to personally “kick out” the hacker from their server. I tried to cancel my account on-line but they told me it was “pending” – the customer service person said she was able to cancel it right away however
So we will see – I am praying this nightmare is now over!!

AOL User

We use a paid AOL email address that has been our business’s email address for over 20 years. This looks incredibly bad for our business that our customers are getting spam from us! To even explain that our account is being spoofed or hacked or whatever is still not looking good for our company. AOL is more than likely losing us. This is unfixable! If these spoofers just have our customers email addresses whether we have an account or not than that is horrible in it’s self …this is beyond terrible… angry customer emails, calls and texts have been pouring in all day…

Nic

I’m a Gmail user and it is usually excellent at catching spam. Curiously, all these AOL spam emails are going straight to the inbox. Perhaps that’s because all the senders are known addresses with whom I have communicated before.
Anyway, I have checked my address book and have 14 contacts using AOL addresses. I have been spammed by all 14 of them. Looks bad.

Aol user

It looks like a TON of people are affected, yet I just read an article, where it says aol claims it’s less than 1% of users being affected. They are kidding themselves if they really think this,

Smilton10

Hi

I have the same issue – three days in a row I’ve have mail returned from old and random contacts but there’s nothing in my sent box so they’re obviously spoofed.

My concern is that this is my main email account that I’ve used since 2002 so closing it isn’t really an option – does anyone know of any way to divert emails to another address like you can with phone numbers?

Thanks

Mckay

Good luck getting a hold of aol tech support. I cxld my acct years ago & over the weekend my contacts were bombarded with spam supposedly sent by me. The call center does not want to connect me to tech support as I DO NOT have an aol acct. I can’t get past the road block. I am trying to fix something that’s happening to a deleted acct. suggestions?

Karen Strauss

Try this number – I was able to reach the customer service people here:
800 827-6364.
That’s scary that you cancelled it years ago and you are still getting hacked.

Another angry AOL user...

Yes, they are spoofed, but it’s obvious that someone has totally breached AOL security, as my entire contact list seems to have been downloaded and is being used to send spoofed emails in my name.

AOL can’t keep this quiet much longer, and their slow, head-in-the sand approach to the problem just ensures that they circle the drain that much faster–and now the garbage disposal is ON.

AOL customer, raging angry now!

Sorry, think I pressed the ‘comment’ button twice, my nerves are frazzled! :/

AOL’s response is possibly the most pathetic I’ve read in a very, very long time.

Tomorrow, I’ll close down my accounts. I have so many emails so I’m not sure if I can export them as a batch or if it’s even safe to download them to my computer, so many are receipts. If anyone can help me with this I would be so grateful as I have only ever used AOL email online in my browser, never in Thunderbird, etc.

Thank you, Martin for telling me that it’s the AOL servers that have been compromised, it’s reassuring that they haven’t been in my account but it’s still horrifying, You’re absolutely right, I have none of the spoof emails in my sent box but 44 returned emails in my inbox from companies saying they’ll get back to me, Audible have even opened an account!!!! I have another 14 spam box mailer-daemon replies saying the messages have been refused. Thank goodness, at least some of my contacts won’t get them.

Given their lacklustre response and that it’s only paying customers that can contact them: I tried for hours to find a UK call centre or email but that’s just not available for those of us with free accounts. I’ve also discovered that I can’t even delete my free account. Who doesn’t let you delete your account???? I’m so appalled and scared, if they can hack their servers then does that mean they can read all of our emails? Given AOL’s useless response I don’t see this getting better anytime soon. Using my contacts is bad and embarrassing enough but getting their sticky little mitts on private info in saved mail is another thing.

Again, if anyone can help me find a way to batch export my emails, I have other mail accounts they can be sent to, I would be so grateful. Thanks already for your feedback and for keeping such a close eye on this for all of us. Keep up the good work!

At least we’re not alone in this, we may not have AOL to help us but we have a fantastic site here that’s helping, thank you SO much!

Aol user

It is extremely embarrassing. This is going to parents of children my kids used to be friends with, teachers, school PTA email addresses, realtors…

Plinio

Happening to me too, i thought changing my password last night would help. How can i delete my contacts history so they qont email to them? I’ve been contacted by some asking me WHY! Am I sending those emails. Thanks beforehand

Michael Unfried

The emails aren’t coming from your actual account. And, unfortunately, deleting your contact list almost certainly won’t do any good at this point, since the hackers already have the list.

The really, really aggravating truth here is that there is *nothing* we can do directly to stop this. If you have access to the outgoing emails, and know how to get to the actually message headers, you can try and figure out what server originally sent the email and notify then that their server is compromised. The problem is *way* bigger than just AOL’s email servers.

Aol user

Happened to me, starting yesterday. So frustrated. Aol won’t do anything but change my password and they will not acknowledge there is a problem. The emails are actually coming from my email as I have drafts and returned mail in my mailbox. I have changed my password 5 times in less than 24 hours and it keeps happening.

Kif Leswing

Yeah that’s frustrating. I’ve heard from other people too they too have gotten maeler-deamons, but AOL’s customer service continues to insist it’s a spoofing attack.

Aol user

It cannot be a spoofing attack! It makes me so mad they are saying this. Like I said I had it in my drafts folder along with returned mail and they are using contacts I sent maybe 1 email to going all the way back to 2009! When I called aol yesterday they are insisting there is no problem. I’m glad they are finally saying something even though still not really owning up to it.

Michael Unfried

Not to deny your issue, but the ones I’m seeing going out *are* a spoof. There’s still the bigger question of how hackers managed to acquire the contact lists but, at least in my case, I have confirmed that the emails are not actually coming from my account.

You will get mailer-daemon “returned” emails, even with a spoof attack. If you’ve actually got something in the Drafts folder, that’s a different story. Check your sent folder and see if it’s in there.

If you have access to any of the emails that actually got sent out (they sent me email on a different account in my case) try checking the message header itself. *How* to do that varies a bit between email services.

Here is what I’m seeing in the header of the emails I got:

Received: from 111-248-170-73.dynamic.hinet.net ([111.248.170.73]:61088 helo=SARTAINMUSIC.COM)
by echo.unisonplatform.com with esmtpa (Exim 4.82)

So… not actually coming from AOL’s mail servers.

jklfamily

Same issue. Emails sent looking like they are from my account three different days in a row. I’ve changed my password four times now. No idea how to fix it. Grr.

AOL customer

It’s happening to me, I exported then deleted all of my contacts so the bots can try as much as they like and they won’t get anywhere. I am so angry that this has happened and can only hope my friends and business colleagues won’t click on the link. I received ten emails in my inbox – from myself! These people are SCUM!

Thank you so much for the post, I’ll refresh the page every few hours and see if you have managed to gather any more info.

Thanks again.

martin ash

Unfortunately deleting your contacts won’t help with this attack. AOL’s servers have been compromised and the addresses have been taken from there not from your personal account. Changing your password and/or security question will do nothing either. You’ll notice all the returned mail in your inbox and yet nothing in your outbox because nothing is actually going from your account. They are trying and have been for days apparently, we just have to sit tight until they close the breach.

AOL customer, raging angry now!

Thanks so much, extended thanks in my other reply to the general post. :)

Michael Unfried

Unfortunately, even if AOL closes the breach, hackers already have their lists and can keep sending at will, since none of these emails are actually touching AOL’s servers. At this point, the only thing you can do is try and trace the original sending server (SMTP) from the email headers, do a WhoIs lookup on the URL, and try to notify the hosts that their servers are compromised. This problem is not a *LOT* bigger than just AOL, and there’s nothing they can do to stop it.

Comments are closed.