According to Reuters, AOL has admitted there was a breach of their network security that compromised 2% of their accounts. Users are being told to reset their passwords and security questions.
AOL began investigating the attack after users reported an uptick in spam from aol.com addresses. This spam used @aol.com addresses to send mail to addresses in the affected user's address book.
According to the AOL mail team, they are still investigating the attack, but they do not believe financial information was compromised. Their statement reads in part:
we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts.
One of the responses to the attack was to change the AOL DMARC policy from p=none to p=reject. Any ISP that respects DMARC policies on inbound mail will reject the spam. Legitimate mail sent through servers that don't belong to AOL (like mailing lists or ESPs) is also affected by this policy and will not be delivered.
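The effect of that policy change on the kinds of mail described above, as an added example (not AOL's code or records): a simplified DMARC check as a receiving server might apply it. The sample messages and the domains spammer.example and lists.example are constructed, and the organizational-domain lookup is a two-label shortcut rather than the Public Suffix List.

```python
# Added example: simplified DMARC evaluation at a receiving mail server.
def parse_dmarc(record):
    """Parse a DMARC TXT record such as "v=DMARC1; p=reject" into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: last two labels; real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ("s") needs an exact match; relaxed ("r") compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def disposition(record, msg):
    """Return "pass", or what the policy asks for when DMARC fails."""
    tags = parse_dmarc(record)
    # SPF or DKIM only counts if the authenticated domain aligns with From:.
    spf_ok = msg["spf_domain"] is not None and aligned(
        msg["from"], msg["spf_domain"], tags.get("aspf", "r"))
    dkim_ok = any(aligned(msg["from"], d, tags.get("adkim", "r"))
                  for d in msg["dkim_domains"])
    if spf_ok or dkim_ok:
        return "pass"
    return {"quarantine": "quarantine", "reject": "reject"}.get(tags.get("p"), "deliver")

# Constructed messages. spf_domain is the envelope domain that passed SPF
# (None if SPF failed); dkim_domains lists d= values with valid signatures.
SPOOFED = {"from": "aol.com", "spf_domain": "spammer.example", "dkim_domains": []}
MAILING_LIST = {"from": "aol.com", "spf_domain": "lists.example",
                "dkim_domains": ["lists.example"]}
GENUINE = {"from": "aol.com", "spf_domain": "aol.com", "dkim_domains": ["aol.com"]}

if __name__ == "__main__":
    for policy in ("v=DMARC1; p=none", "v=DMARC1; p=reject"):
        for name, msg in (("spoofed", SPOOFED), ("mailing list", MAILING_LIST),
                          ("genuine", GENUINE)):
            print(policy, "|", name, "->", disposition(policy, msg))
```

Under p=none the spoofed and mailing-list messages still fail DMARC but are delivered; under p=reject both are refused, because neither authenticates as aol.com.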
It seems that both the frequency and the severity of security attacks are increasing. It's always possible this is a consequence of publicity. But the attackers do really seem to be escalating. Much of the data is used to steal financial information, but this recent round of attacks seems to mostly be trying to find new victims to compromise. In any case, security is a major issue that none of us can ignore.