But hackers did access a trove of personal data including AOL users' email addresses, mailing addresses, contacts, encrypted passwords, encrypted answers to security questions used for resetting passwords, and some employee information.
Spammers used that information to send "spoofed" emails -- messages that appear to be from a valid address or trusted contact, but are not actually from those contacts -- from about 2 percent all AOL Mail accounts, the company said.
AOL is notifying users who may have been affected, the company said Monday, and it is working with law enforcement "to investigate this serious criminal activity. Customer complaints about the spoofing began popping up early last week, including on Twitter with the hashtag aolhacked. AOL posted a warning on April 22 about the attack, and stated that it would change its policy "to help mail providers reject email messages that are sent using forged AOL Mail addresses.
AOL Mail takes action against email spoofing! AOL's official support Twitter account has spent the week tweeting apologies and statements to disgruntled customers, but even some longtime AOL diehards couldn't be mollified. AOL will ask you a security question that you provided the answer for when signing up. Hit Forgot answer, and an email will be sent to your alternate email address linked to the account.
Hackers will immediately try to gain control of your account by adding their own contact information to the account. If anything was added or changed, this is a clear indicator that someone has messed with your account. Two-factor authentication is the latest way to keep hackers out of your account. Even if they somehow get your username and password, without the verification code, access will be denied.
Two-step authentication requires users to enter a code that is sent to your chosen mobile device each time they want to log in. Turn on two-step authentication in your Settings menu. The page explains how the process works, and then you can click Get Started the blue button on the bottom to get things going.
A tragically common mistake people make is using the same password for all of their online accounts. It is critical that anyone working on internet use a virus protection program which should catch most Trojans.
Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it.
However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught. Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset. Based on the order of the keystrokes, it is usually easy to identify the password s from the file later.
Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes.
It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function, however, it is a little bit more complex to use since it must be installed to run stealthily to be effective.
A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed. It would be possible for this website to pop-up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer.
The user could be fooled into submitting information to the hostile website. For instance, consider the effect of seeing the following series of windows: If these could trick you into entering your password, then you could end-up sending your password to the attacker. Windows such as these could be created to mirror virtually any program or series of actions. Therefore, a hostile website could target you with a series of screen shots that look exactly as they should on your system.
The key is that the screen shots are not coming from your system, but are coming from the hostile website. First, creating such a hostile website is probably fraudulent and illegal. We do not recommend or condone this activity. To protect yourself against this type of attack, make sure to configure your browser for high security and enable warnings for any code that is executed on your system. SNIFFING If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the others' packets as they sign-on.
0コメント