AOL software flaw allows email account access without a password

Incident Date: January 2003
Incident Location: USA

A security flaw in America Online's mail system allowed people to read any user's email without entering a password. Attackers needed simply to enter an account name. The vulnerability, which was closed January 22, 2003, was linked to a problem with AOL's international e-mail authentication system. Sensitive information, such as passwords, account numbers, and instant message accounts, was exposed.

Hundreds of accounts were reportedly compromised before the exposure was addressed. Only AOL employee accounts were spared, because they required a SecurID passcode to use the account.

Story Sources

Title: AOL security flaw leaves accounts wide open
Date: 1/27/2003
Publication: Internet Week
Publication Location: USA
Publication URL:


Copyright © 2016