AOL has confirmed its Mail service has been compromised by hackers after a deluge of complaints by users who reported their accounts were being used to send spam messages to contacts, but the company has not released any details on how many accounts may have been affected.
In many instances, it appears that AOL accounts have not actually been breached, but are simply being spoofed by spammers to make it appear that the messages are coming from a specific AOL Mail user. In an effort to protect AOL Mail users’ accounts from being abused by email spoofing, AOL has changed its policy to help other mail providers filter out any messages that are sent using spoofed AOL Mail addresses.
“AOL is taking this step because spammers are sending email that appears to be from valid AOL email addresses. In fact, these emails do not originate from AOL or our customers,” AOL said in a statement.
“Rather, the outgoing addresses are edited by the spammers to make them appear to be legitimate AOL email addresses. By initiating this change, AOL Mail, along with other major email providers will reject these spoofed email messages, rather than deliver them to the recipient’s inboxes.”
AOL said the policy change may negatively impact legitimate senders of email temporarily, and users may need to adjust how they send their email messages so that they comply with the new policy outlined here, and that users should change their passwords.
“If you do find email in your Sent folder that you did not send, your account has been compromised (hacked). If you do not find any strange email in your Sent folder, your account has most likely been spoofed,” AOL’s help page on spoofing explains.
“If you believe that your account has been compromised, or that your AOL Mail email address has been used to send spoofed messages, please visit the AOL Help site.”