Hackers obtained access to AOL customer database using trojans and social engineering

Incident Date: 2003
Incident Location: USA

Hackers gained access to the America Online (AOL) customer database application named Merlin, which contains information on AOL's 35 million customers. The database is accessible only from AOL's internal network and requires a user ID, two passwords, and a SecurID passcode. However, hackers have found that they can trick AOL employees into accepting a Trojan horse file using Instant Messenger or the AOL file library. If an employee executes the file, the Trojan horse connects back to the hacker's computer and allows the hacker to then control the infected AOL computer and use it to launch internal attacks.

Apparently, hackers have been able to obtain the necessary passwords and SecurID passcode by sending fake security update emails to AOL personnel or by social engineering via the telephone and Instant Messaging. The hackers often pretend to be internal AOL security personnel who need the information for legitimate purposes. Hackers were also found to trade the information with other hackers.

Story Sources

Title: Hackers Run Wild and Free on AOL
Author: Christopher Null
Date: 2/21/2003
Publication: Wired News
Publication Location: CA USA
Publication URL: http://www.wired.com/news/infostructure/0,1377,57753,00.html


Copyright © 2016 PasswordResearch.com