AOL software flaw allows email account access without a password
Incident Date: January 2003
Incident Location: USA
A security flaw in American Onlineís mail system allowed people to read any userís email without entering a password. Attackers needed simply to enter an account name. The vulnerability, which was closed January 22, 2003, was linked to a problem with AOLís international e-mail authentication system. Sensitive information, such as passwords, account numbers, and instant message accounts were exposed.
Hundreds of accounts were reportedly compromised before the exposure was addressed. Only AOL employee accounts were spared, because they required a SecurID passcode to use the account.
Title: AOL security flaw leaves accounts wide open
Publication: Internet Week
Publication Location: USA
Publication URL: http://www.cmpnetasia.com/ViewArt.cfm?Artid=18471&Catid=5&subcat=50
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.