|
Hackers take over AOL accounts by mumbling to customer service
Incident Date: 2003 Incident Location: USA American Online (AOL) customer service failed to properly verify customer identities before providing hackers with access to the accounts of other people. The hackers rely on social engineering to convince AOL customer service personnel to reset the password of an account. The surprising twist is that AOL security procedures for verifying a customer’s identity can be defeated if the caller is hard to understand. A hacker, using the pseudonym hakrobatik, confirmed that mumbling is an effective technique. "I kept calling and pretending I just had jaw surgery and mumbling gibberish," hakrobatik said. "At first I had no info except the screen name, then I called and got the first name and last name by saying, 'Could you repeat what I just said?' Then each time that I got information I called back making the real information understandable, and everything else I just mumbled." The hacker reported that many customer service personnel got so frustrated having to ask him to repeat information that they would just skip the verification steps and reset the password. In addition, hackers typically target customer service personnel at offshore AOL call centers in India or Mexico, claiming that these employees are less savvy and have less training than their American counterparts Story Sources Title: Hackers Run Wild and Free on AOL Author: Christopher Null Date: 2/21/2003 Publication: Wired News Publication Location: CA USA Publication URL: http://www.wired.com/news/infostructure/0,1377,57753,00.html Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.
<-- Back to Authentication Story Index |