Hackers take over AOL accounts by mumbling to customer service

Incident Date: 2003
Incident Location: USA

America Online (AOL) customer service failed to properly verify customer identities before giving hackers access to other people's accounts. The hackers rely on social engineering to convince AOL customer service personnel to reset the password of an account. The surprising twist is that AOL's security procedures for verifying a customer's identity can be defeated if the caller is hard to understand. A hacker using the pseudonym hakrobatik confirmed that mumbling is an effective technique.

"I kept calling and pretending I just had jaw surgery and mumbling gibberish," hakrobatik said. "At first I had no info except the screen name, then I called and got the first name and last name by saying, 'Could you repeat what I just said?' Then each time that I got information I called back making the real information understandable, and everything else I just mumbled."

The hacker reported that many customer service personnel got so frustrated at having to ask him to repeat information that they would just skip the verification steps and reset the password. In addition, hackers typically target customer service personnel at offshore AOL call centers in India or Mexico, claiming that these employees are less savvy and have less training than their American counterparts.

Story Sources

Title: Hackers Run Wild and Free on AOL
Author: Christopher Null
Date: 2/21/2003
Publication: Wired News
Publication Location: CA USA
Publication URL: http://www.wired.com/news/infostructure/0,1377,57753,00.html
