
You’ve Got a Breach: AOL Investigating After Spoofing Incident

Apr 30, 2014 By Sarah Vonnegut

If you just couldn’t get enough of changing your passwords after the Heartbleed fiasco and still keep an active AOL account, you’re in luck. The company announced on Monday that it is further investigating a security incident after a “significant” number of user accounts were found to have been compromised, with AOL estimating around 2% of their over 20 million customers at risk. Users are urged to change their passwords and personal answers to their security questions.

The company has “determined that there was unauthorized access to information regarding a significant number of user accounts,” their security update stated. Stolen data is believed to include emails, home addresses, further contact information, encrypted passwords, and encrypted answers to security questions. 

Currently, the company says there is no sign that any financial information was stolen in the breach. AOL also believes the passwords and security-question answers have not been cracked…yet. Depending on whether AOL uses reversible encryption or proper salted hashing for password storage, those passwords may or may not stay secure.

The investigation began shortly after email users started receiving a high rate of spam and noticing spoofed messages in their inboxes. Spoofing is the act of deceptively forging the ‘From’ address of a message so that it appears to come from a trusted sender, when in reality it was sent from a different server. The AOL spoofing campaign has used emails with subject lines as vague as “How are you?” The email reads “Have you already seen it” with a malicious link beneath, which sends victims to sites hawking diet pills, GigaOm reported.

The emails were being sent to the users’ actual contacts, signaling that there was a deeper issue at hand than hackers spamming random addresses. AOL’s new announcement comes a full week after their original blog post detailing the spoofing issue.

In response to the high rate of spoofed emails plaguing AOL users over the last month or so, the company changed its DMARC policy, the published record that tells receiving mail servers how to handle messages claiming to be from an AOL address that fail authentication checks. The new policy instructs them to block messages carrying an AOL ‘From’ address that did not come from AOL’s servers.
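As an added illustration of the DMARC change just described (not AOL’s or Checkmarx’s code), the following Python evaluates how a receiving server disposes of a spoofed message under a monitoring-only record versus a reject record; the records, domains and message are constructed, and the organizational-domain logic is simplified.

```python
from typing import Dict

# Constructed sample records: the weak monitoring-only policy beside the
# reject policy the article describes. Real aol.com records are not assumed.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.net"
STRICT_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"

def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Assumption: two-label organizational domain (mail.aol.com -> aol.com);
    # a real evaluator would consult the public suffix list.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record: str, from_domain: str, spf_pass: bool,
                      spf_domain: str, dkim_pass: bool, dkim_domain: str) -> str:
    """Return 'pass', or the policy action ('none', 'quarantine', 'reject') when
    neither SPF nor DKIM passes with an identifier aligned to the From: domain.
    (The pct= and sp= tags are ignored for brevity.)"""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")

def spoof_outcomes() -> Dict[str, str]:
    # Constructed spoofed message: the From: header claims aol.com, but the sending
    # server passes SPF only for an unrelated domain and carries no DKIM signature.
    weak = dmarc_disposition(WEAK_RECORD, "aol.com", True, "spammer.example", False, "")
    strict = dmarc_disposition(STRICT_RECORD, "aol.com", True, "spammer.example", False, "")
    return {"p=none": weak, "p=reject": strict}  # {'p=none': 'none', 'p=reject': 'reject'}
```

Under p=none the forged message is delivered and merely reported; only p=reject (or quarantine) changes what reaches the contact’s inbox.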

Protecting Yourself & Your Customers

If you are an AOL email (or other AOL service) user, you need to change your password on that site, as well as on any other site where you may be reusing that same password, though reuse is a big no-no in the first place. In addition, you’ll want to change any password that may have been sent to your email in plain text; it is likely that hackers will search compromised email accounts for passwords to other services.

With more and more of these breach incidents occurring, it’s essential to take the utmost caution in protecting yourself and your customers against breaches like this one. For individual protection, it is always recommended to choose new, strong passphrases for each online service and site.

For customer protection, a vital part is securing both client-side and server-side code with strong rules for validation and sanitization. The best way to secure your code against vulnerabilities like the one that could have allowed hackers to breach AOL’s database is through Source Code Analysis. With Checkmarx CxSuite, your code’s vulnerabilities are visualized for you, showing the best fix location for each set of issues found during the scan.

Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
