Over the past few days, a large number of AOL users reported of being victim to Email Spoofing attacks — Recipients received emails purportedly from their friend’s email ID containing links to spam web pages.
Today, AOL said it had launched an investigation into the security breach that allowed hackers to access its users’ data including email IDs and encrypted passwords.
The company said it is working with cyber forensics experts and federal authorities to investigate the security breach.
AOL have determined that the following information have been accessed by intruders : Email IDs, postal addresses, address book contact info, encrypted passwords and encrypted answers to security questions and certain employee info.
AOL said it has no information indicating that the encryption on passwords or answers to security questions was broken. Also they believe this breach doesn’t involve any financial data.
AOL suggest users to change their password as well as security questions.
Exploit CVE-2017-6079 – Blind Command… September 25, 2018 This exploit was developed based on the technical description by depthsecurity https://depthsecurity.com/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devices…