Reporter finds himself on the receiving end of AOL customer service social engineering

Incident Date: May 1998
Incident Location: USA

Reporter Jim Hu found out first hand how failures in American Online’s (AOL) customer service department can affect the security of customers. After a May 1998 interview with a hacker allegedly responsible for an attack on the ACLU, Mr. Hu finds that the hacker has broken into his AOL account. He infers that the hacker obtained his password by contacting AOL customer service.

Seeking to test the security himself, Mr. Hu calls AOL customer service to find out whether they properly identify him before making account changes. AOL customer service reps do request credit card or checking account verification during his first three calls. However, on the 4th attempt Mr. Hu discovers that the customer service representative doesn’t request personal information.

Story Sources

Title: How I got hacked on AOL
Author: Jim Hu
Date: 5/28/1998
Publication: CNET
Publication Location: USA
Publication URL:

Do you have additional information to contribute regarding this story? If so, please email with the details and source.

<-- Back to Authentication Story Index

[Home] [About Us] [News] [Research]

Copyright © 2016