
AOL's secrets of spin revealed

Post hack-attack advice


While still trying to get over the embarrassment of last week's hack attack, AOL's secrets of spin have now been leaked online.

On Friday, the US ISP said hackers had gained access to an undisclosed number of member accounts via a virus attachment sent with emails. It has still not disclosed exactly how many accounts were affected, but a representative today put the figure at around 200.

The attack was similar to the ILoveYou virus which caused worldwide havoc in networks earlier this year. Emails containing a Trojan horse attachment were sent to AOL's customer service representatives. When opened, they created a connection to the sender's PC and allowed access to some AOL account details - believed to include the customer's user name, as well as their address and the last four digits of their credit card.

The hack attack was first uncovered by observers.net, a Web site which takes no prisoners where AOL is concerned.

Today this site, set up by ex-AOL staff, claims to have exposed yet more breaches in AOL security. Observers is sporting an alleged internal AOL document which was sent to selected company staff to advise them on how to field customer and press enquiries.

The leaked memo, helpfully headed "Need-to-know information to keep you in-the-know", lists what to tell the press, i.e. not a lot, and how to calm frustrated customers.

Here's what to expect if you call AOL as a customer...

Customer: "I was listening to the news and heard a story about compromised accounts... is that true?"

AOL representative: "We are aware of claims that a small number of employee accounts have been compromised, and that by illegally using these accounts, hackers claim to have viewed a very limited number of member customer service records.

"We take these claims very seriously. We employ the highest levels of security available anywhere. No information contained in our network or in our databases is of a higher priority for us than member information.

"We have already taken steps and added additional security, to our already high levels of security, that will prevent this from happening."

And another...

Customer: "What is AOL doing to handle this situation?"

AOL representative: "We are investigating these claims and adding additional security measures that will prevent this from happening. We take these claims very seriously."

Sound familiar?

Rich D'Amato, an AOL representative, today said the company was in the process of rolling out additional security measures following the hacker incident. He claimed not to have seen the leaked memo on the Observers site. When asked to look at it and comment on its authenticity, he refused.

He denied the leaking of a private AOL company document online suggested any breach of security. "They are two totally different things altogether," he said. "The fact that someone has passed a memo along, and shared it with someone else, reflects in no way on security."

The ISP intends to contact all members affected by the hacking, and D'Amato said he had "not heard any numbers associated with any cancellations" as a result of the attack.

The full version of the leaked AOL memo, plus a version with added comments by Observers, can be found here. ®
