Viewing Story

AOL Mailserver hacked, silly passwords still in use

Posted by on 13/08/2011

4
1

AOL’s mail servers have been hacked, with vital database information being exposed via the page’s source code. While the hack may not be apparent on the Webmail page, the Postmaster page clearly showed some fail earlier today.

It is clear that AOL has not learnt a lesson from Gawker’s recent attack back in 2010 after a hacker going by the alias of “HodLuM” compromised an AOL mail server hosted at dbsmsq-m01.mail.aol.com. While it is unclear as to how exactly the database was comprimised, one things for sure is that AOL didn’t exactly hire the smartest of people to run their servers. Their genius administrators set ‘grjones’ as the username and ‘grj123′ as the password, which could easily be broken by an expert hacker in just a couple of minutes. Below you can see an excerpt from the Postmaster page.

Z0M6? Congratz! You’ve just discovered AOL priv8 dataZ
3nj0y!
/data/servers/postmaster.info.aol.com/

DB Host : dbsmsq-m01.mail.aol.com
DB User : grjones
DB Passwd : grj123
DB Name : postmaster

Currently there is no information as to how extensive the damage is and who may be affected, but our best recommendation is to ditch the dying mail host for something more reliable like Gmail where security experts may actually give a damn about their server. It also brings up the issue of setting a proper password. There are many guides on the web which assist in users developing a strong password, and we hope that the AOL techs also do some reading before they lose their jobs.

[via]

4
1
More in Computing, Featured, Policies/Ethics (19 of 70 articles)