Security Incidents mailing list archives

Re: Possible AIM Hack?


From: "Steven" <steven () lovebug org>
Date: Tue, 14 Mar 2006 16:12:50 -0500

You could all be correct on your assessments. It could be a number of things causing the problems if they are temporary. However, if you've been logged off and can no longer logon anymore -- then that is a different issue. This would indicate that your account has been compromised. If you have access to the e-mail address for which the account is registered you can request the current password or reset the password. It appears they have just recently sunsetted the password change option and have gone with the password reset option. It seems like it might have made more sense to sunset the feature that e-mails the current plaintext password to you, but who am I to question all of this. These links can be found at the following:

Request password:

http://www.aim.com/help_faq/forgot_password/password.adp?aolp=screen_name

Reset password:

https://opr.my.screenname.aol.com/_cqr/opr/opr.psp?loginId=screen_name

To make my e-mail even longer I will continue about what else might have happened. If someone had guessed your password, compromised your e-mail and requested/reset it, or gained it by some other means they would be able to logon and bump you off. However, you should have received a message from AOL System Msg letting you know a duplicate sign on had occurred. I think there are actually a few ways to bump the user without them getting the AOL System Msg IM but I won't go into those. Alternatively, if your screen name was something unique and one of the "sought after" screen names, there is a good chance it may have been stolen through some exploit/flaw. There have been a number of these over the years which have resulted in the theft of hundreds if not thousands of screen names. I do not know of any such occurrence in the last few weeks though, but it could still be possible. A lot of the time after names are stolen they end up suspended and you will get the message "Sign-on Blocked. ...". This means your name has been disabled by someone at AOL and there isn't a whole lot you can do.

Anyway -- hope that helps and good luck.

Steven


----- Original Message ----- From: "Travis Haymore" <thaymore () gmail com>
To: <belka () att net>
Cc: <incidents () securityfocus com>
Sent: Tuesday, March 14, 2006 11:25 AM
Subject: Re: Possible AIM Hack?


I've run into the same situation several times recently.  My guess is
it's some sort of glitch with the server as I run a few different
machines with GAIM clients (both Unix and M$ platforms) and it happens
to both.  I've also seen disconnections at the same times as well.

Anyone else experiencing anything similar to this?


Travis Haymore
DHS/ICE Cyber Crimes Center




On 14 Mar 2006 15:57:03 -0000, belka () att net <belka () att net> wrote:
Here is the gist of what happened:

March 8th, while using AIM, it logs me off. When I try to log back in, it tells me my password is incorrect. When I try to reset the password, I receive no password reset message. It is as if the hack changes the account e-mail at the same time to prevent password reset. Lastly, I went to create a new AIM account -- but without success. The error message tells me that the service is temporarily unavailable. I tried from several computers, and from different places, to no avail. As of 09:11 CST (-6GMT) AIM will still not allow new accounts to be set up.

I haven't seen any news from any source about an AIM hack, but I have heard anecdotally from my college aged kids that several of their friends were also affected around the same time period and most have not been able to establish new AIM accounts.

Is anyone else seeing any kind of similar activity/results surrounding AIM? Or am I just a victim of a series of unfortunate events?

Thanks



--
-th


This communication is privileged & confidential to the intended recipient.


