You thought you'd seen the last of it. But your old AOL email address (remember, from the nineties?) could still return to haunt you. Spammers may have broken into AOL's mail server to hijack old accounts and send tons of spam to people in the compromised accounts' address books.
Even if you don't have an AOL email address, you might still find some emails in your inbox, ostensibly from a friend, containing links to spam websites advertising miracle diets.
The spam first started appearing in the past few days, but AOL hasn't been able to fix the issue.
"Once your account i[s] spoofed, there is nothing else that can be done. I wish there was something we can do," AOL tweeted from its @aolmailhelp account.
AOL says that its servers weren't hacked, but rather that the affected email accounts were "spoofed." This means that while the messages appear to come from AOL accounts, they're actually originating from a server controlled by the spammers. AOL addresses, the company says, are merely being faked.
But as security expert Graham Cluley pointed out on his blog, "this doesn't explain how the emails are being sent to genuine contacts of those particular AOL users – have the address books of AOL users or AOL's mail logs somehow fallen into the hands of malicious third parties?"
Many angry AOL users have taken to Twitter to voice their outrage. The #AOLHacked hashtag is full of users reporting that their AOL accounts are now being used to send spam to their contacts.
AOL says that it might help affected users to switch their email settings to send emails from their own domains. But as most users probably don't own an online domain, that isn't the most helpful of advice.
- Mobile Security Guide: Everything You Need to Know
- 7 Ways to NSA-Proof Your Smartphone
- 12 More Things You Didn't Know Could Be Hacked