Hackers obtained access to AOL customer database using trojans and social engineering
Incident Date: 2003
Incident Location: USA

Hackers gained access to Merlin, the America Online (AOL) customer database application that contains information on AOL’s 35 million customers. The database is accessible only from AOL’s internal network and requires a user ID, two passwords, and a SecurID passcode. However, hackers have found that they can trick AOL employees into accepting a Trojan horse file sent through Instant Messenger or the AOL file library. If an employee executes the file, the Trojan horse connects back to the hacker’s computer, allowing the hacker to control the infected AOL computer and use it to launch internal attacks.

Apparently, hackers have been able to obtain the necessary passwords and SecurID passcode by sending fake security update emails to AOL personnel, or by social engineering over the telephone and Instant Messaging. The hackers often pretend to be internal AOL security personnel who need the information for legitimate purposes. Hackers were also found to trade the information with other hackers.

Story Sources

Title: Hackers Run Wild and Free on AOL
Author: Christopher Null
Date: 2/21/2003
Publication: Wired News
Publication Location: CA USA
Publication URL: http://www.wired.com/news/infostructure/0,1377,57753,00.html