A Reuters report confirmed today that the AOL password breach is far worse than previously thought.
Of AOL’s 26 million users, around 2 percent had their accounts hijacked from their owners’ control in order to spam the inboxes of customers on Gmail, Yahoo, and Hotmail. The competing services would have less of a chance of filtering the content if it came from a third party, unlike the systems inside AOL’s internal network, which have already been set up to forward it straight to the spam furnace for immediate deletion.
These numbers back up the severity of the scam first launched by an unknown hacker last week, which has been used to control a classic spamnet that has likely netted the hacker(s) behind it a couple million in black market cash so far.
“AOL’s investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information.”
As of this writing there isn’t any admissible evidence showing that the encryption on the files containing this valuable information has been cracked. However, much of that process takes place behind the scenes and disconnected from the open net, meaning accurate statistics end up becoming more of an art than a science in this particular case.
AOL hasn’t commented on exactly where they believe the problem originated, which suggests they either haven’t found the culprits yet or aren’t comfortable giving names out publicly for fear of losing the scent on whatever trail they might have picked up so far.
The hackers involved in the attack made off with email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords.
As per AOL’s suggestion, if you have an account with them or rely on their services for email, you should change your password immediately. If your account is affected by the breach, you should receive a notification in both your primary and backup inboxes, provided both haven’t been completely taken over just yet.