If you just couldn’t get enough of changing your passwords after the Heartbleed fiasco and still keep an active AOL account, you’re in luck. The company announced on Monday that it is further investigating a security incident after a “significant” number of user accounts were found to have been compromised, with AOL estimating around 2% of their over 20 million customers at risk. Users are urged to change their passwords and personal answers to their security questions.
The company has “determined that there was unauthorized access to information regarding a significant number of user accounts,” their security update stated. Stolen data is believed to include emails, home addresses, further contact information, encrypted passwords, and encrypted answers to security questions.
Currently, the company is saying there is no sign that any financial information was stolen in the breach. In addition, AOL believes the passwords and security questions had not been cracked…yet. Whether those passwords stay secure depends on how AOL stores them: with reversible encryption, anyone who also obtains the key recovers every password at once, whereas with a salted, slow hash each password has to be guessed individually.
The investigation began shortly after email users started receiving a high rate of spam and noticing spoofed messages in their inboxes. Spoofing is the act of deceptively changing the ‘From’ email address in a message, making it appear to come from a trusted sender when in reality it was sent from a different server. The AOL spoofing campaign has used emails with subject lines as vague as “How are you?” The email reads “Have you already seen it” with a malicious link beneath it, which sends victims to sites hawking diet pills, GigaOm reported.
The emails were being sent to the users’ actual contacts, signaling that there was a deeper issue at hand than the hackers spamming random people. AOL’s new announcement comes a full week after their original blog post detailing the spoofing issue.
In response to the high rate of spoofed emails plaguing AOL users over the last month or so, the company changed its DMARC policy, the published record that tells receiving mail servers how to treat messages claiming to come from an AOL address. The new policy blocks messages sent by someone with an AOL email address that did not come from AOL’s servers.
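The mechanism behind that policy change, as an added example rather than anything published by the article or by AOL: a small parser for a DMARC TXT record plus the receiver-side decision it drives. A spoofed message carries a ‘From’ address at the protected domain but fails SPF and DKIM for that domain, and the record’s `p=` tag is what turns that failure into a rejection. The two records, the domain names and the authentication results below are constructed; the relaxed-alignment check assumes the ‘From’ domain is already the organizational domain, and `pct=` is parsed but not applied.

```python
from dataclasses import dataclass


@dataclass
class AuthResult:
    """Outcome of the SPF and DKIM checks a receiving server already ran."""
    spf_pass: bool
    spf_domain: str    # domain validated by SPF (the envelope MAIL FROM)
    dkim_pass: bool
    dkim_domain: str   # d= tag of a DKIM signature that verified, or ""


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a tag dictionary with defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed DMARC tag: %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    tags.setdefault("adkim", "r")   # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")    # SPF alignment: r(elaxed) or s(trict)
    tags.setdefault("pct", "100")   # parsed for completeness, not applied here
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed also accepts a
    subdomain of the From domain (assumed here to be the org domain)."""
    auth, frm = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth == frm
    return auth == frm or auth.endswith("." + frm)


def dmarc_disposition(record: str, from_domain: str, auth: AuthResult) -> str:
    """Return 'pass' if either SPF or DKIM passed with an aligned domain,
    otherwise the domain owner's requested policy (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    spf_ok = auth.spf_pass and aligned(auth.spf_domain, from_domain, tags["aspf"])
    dkim_ok = auth.dkim_pass and aligned(auth.dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]


# Constructed records: a monitoring-only policy and an enforcing one.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCING = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"

# Constructed results: a spoof sent from an unrelated server, and real mail.
SPOOFED = AuthResult(spf_pass=False, spf_domain="bulk-sender.example",
                     dkim_pass=False, dkim_domain="")
LEGITIMATE = AuthResult(spf_pass=True, spf_domain="example.com",
                        dkim_pass=True, dkim_domain="example.com")

if __name__ == "__main__":
    for name, rec in (("p=none", MONITOR_ONLY), ("p=reject", ENFORCING)):
        print(name, "spoof ->", dmarc_disposition(rec, "example.com", SPOOFED),
              "| real ->", dmarc_disposition(rec, "example.com", LEGITIMATE))
```

Under `p=none` the spoofed message is only reported, which is why contacts kept seeing “How are you?” mail; once the record says `p=reject`, the same failing message is refused at the receiver while mail that really left the domain’s own servers still passes.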
Protecting Yourself & Your Customers
If you are an AOL email (or other AOL service) user, you need to change your password on that site, as well as any other site you may be using that same password for, though that’s a big no-no in the first place. In addition, you’ll want to change any password that may have been sent to your email in plain text; it is possible that hackers will be searching for passwords to other services within compromised email accounts.
With more and more of these breach incidents occurring, it’s essential to take the utmost caution in protecting yourself and your customers against breaches like this one. For individual protection, the standing recommendation is to choose a new, strong passphrase for each online service and site.
For customer protection, a vital part is securing both client-side and server-side code with strong rules for validation and sanitization. The best way to secure your code against vulnerabilities like the one that could have allowed hackers to breach AOL’s database is through Source Code Analysis. With Checkmarx CxSuite, your code’s vulnerabilities are visualized for you, showing the best fix location for each set of issues found during the scan.