NEWS
NEWS
NEWS
Hackers Deface AOL Web Page, Reveal Sensitive Password Information
Midafternoon Saturday, AOL’s postmaster.aol.com website was compromised and defaced by a hacker identifying themselves as HodLuM.
The hacker modified the front page to display an AOL logo and the message: “AOL S3RV3RZ ROOT3D BY HODLUM LOLZ!”
The fun didn’t stop there for curious folks looking at the source code to the page, however; beneath the shiny veneer of the web page defacement the hacker left a gift: a lot of security information about the affected machine.
“Z0M6? Congratz! You’ve just discovered AOL priv8 dataZ,” read the message in the HTML code. “3nj0y!”
If the passwords happen to be real, the internal database password is somewhat embarrassing at six characters and containing a very common sequence.
As if to add insult to injury, the “l33t hax0rz” who pwned AOL’s server also appear to have used Microsoft Word to Microsoft word in order to prepare their defacement page. The takeaway from this? The hacker(s) couldn’t be bothered to write their own HTML by hand. Due to this and the all-caps l33t-speak nature of the message, many have speculated that the age of the taggers may be early teens.
The hack only appeared to affect one machine out of a small number of load balanced machines as refreshing the page would switch between the defaced page and the proper page for the Postmaster site. Chances are good that while the hacker had managed to get into and deface the front page, they didn’t poison the cache on the load balancer. Of course, this same effect can occur when the DNS cache is poisoned.
So far, no message about the hack has appeared on the pages nor has the AOL Postmaster blog mentioned it.
It looks as if postmaster.aol.com doesn’t receive a lot of attention from AOL. The copyright on the page still dates to 2010 and the last updated date listed is July 22, 2010. Clearly, these pages don’t receive much attention at all.
This comes at a bad time for AOL who have been suffering stock shortages. Now they have the black mark of being noticed for being hit in the scattered media frenzy covering random acts of vandalism by hackers in a similar vein to LulzSec and Anonymous whose rampage has gone beyond petty tagging and into releasing boatloads of information. Cybersecurity has become a mainstream icon of corporate capability and this sort of hack, however minor, cannot look good for AOL.
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
