Hackers obtained access to AOL customer database using trojans and social engineering
Incident Date: 2003
Incident Location: USA
Hackers gained access to the America Online (AOL) customer database application named Merlin, which contains information on AOL's 35 million customers. The database is accessible only from AOL's internal network and requires a user ID, two passwords, and a SecurID passcode. However, hackers have found that they can trick AOL employees into accepting a Trojan horse file using Instant Messenger or the AOL file library. If an employee executes the file, the Trojan horse connects back to the hacker's computer and allows the hacker to then control the infected AOL computer and use it to launch internal attacks.
Apparently, hackers have been able to obtain the necessary passwords and SecurID passcode by sending fake security update emails to AOL personnel or by social engineering via the telephone and Instant Messaging. The hackers often pretend to be internal AOL security personnel who need the information for legitimate purposes. Hackers were also found to trade the information with other hackers.
Title: Hackers Run Wild and Free on AOL
Author: Christopher Null
Publication: Wired News
Publication Location: CA USA
Publication URL: http://www.wired.com/news/infostructure/0,1377,57753,00.html