UPDATED 11:41 EDT / AUGUST 15 2011


Hackers Deface AOL Web Page, Reveal Sensitive Password Information

Midafternoon Saturday, AOL’s postmaster.aol.com website was compromised and defaced by a hacker identifying themselves as HodLuM.

The hacker modified the front page to display an AOL logo and the message: “AOL S3RV3RZ ROOT3D BY HODLUM LOLZ!”

The fun didn’t stop there for curious folks looking at the source code to the page, however; beneath the shiny veneer of the web page defacement the hacker left a gift: a lot of security information about the affected machine.

“Z0M6? Congratz! You’ve just discovered AOL priv8 dataZ,” read the message in the HTML code. “3nj0y!”

If the passwords happen to be real, the internal database password is somewhat embarrassing at six characters and containing a very common sequence.

As if to add insult to injury, the “l33t hax0rz” who pwned AOL’s server also appear to have used Microsoft Word to prepare their defacement page. The takeaway from this? The hacker(s) couldn’t be bothered to write their own HTML by hand. Due to this and the all-caps l33t-speak nature of the message, many have speculated that the taggers may be in their early teens.

The hack appeared to affect only one machine out of a small number of load-balanced machines, as refreshing the page would switch between the defaced page and the proper page for the Postmaster site. Chances are good that while the hacker had managed to get into and deface the front page, they didn’t poison the cache on the load balancer. Of course, this same effect can occur when the DNS cache is poisoned.


So far, no message about the hack has appeared on the pages nor has the AOL Postmaster blog mentioned it.

It looks as if postmaster.aol.com doesn’t receive a lot of attention from AOL. The copyright on the page still dates to 2010 and the last updated date listed is July 22, 2010. Clearly, these pages don’t receive much attention at all.

This comes at a bad time for AOL, which has been suffering stock shortages. Now the company has the black mark of being noticed for being hit amid the scattered media frenzy covering random acts of vandalism by hackers in a similar vein to LulzSec and Anonymous, whose rampage has gone beyond petty tagging and into releasing boatloads of information. Cybersecurity has become a mainstream icon of corporate capability, and this sort of hack, however minor, cannot look good for AOL.

