Maybe it was that column I wrote recently about AOL buying the Huffington Post, but I swear AOL has turned on me. Share my pain.
Back in the early 1990s I got an AOL dial-up account to use while traveling. It was one of the few Internet services that had global dial-up, so I could get connected from England to India (and did). I kept the account out of sheer laziness, as I am sure do many of the 3.65 million remaining AOL paying dial-up customers, but eventually AOL-itself converted my e-mail to free and escaped from my credit card bill. So then I had a free AOL e-mail account to go with my Yahoo Mail and others. No big deal.
Until someone contacted me yesterday saying they were being spammed from my AOL account. Time to shut that puppy down.
Only I can’t.
To change any free AOL settings you have to first answer a security question, which in my case is “where was your first job?” As best I can remember my first job-job with an actual paycheck was working at a library back in Ohio shelving books when I was 12 making, as I recall, 75 cents per hour. So in answer to the security question I typed “library.”
Invalid answer.
“Public library.”
Invalid answer.
Those are the only two permutations I could come up with. Listen, it’s my life and I am telling you the frigging answer is “library.”
Okay, so I clicked on “forgot security question,” and AOL took me to an alternate page where I was requested to provide my address, day and evening phone numbers, and the last four digits of my credit card number all from 1996!
I can’t contact support because free accounts don’t get any, but I can upgrade to a $4.99 per month level that does offer support then cancel within 30 days. Hell, I’ll cancel within 30 minutes.
AOL won’t let me upgrade.
They can’t even take my money, at least not tonight.
So I sent some nasty messages to AOL customer support, but since I don’t get any support the messages don’t really go anywhere and weren’t satisfying in any case. All I could think to do then was to go into the e-mail account itself and empty my old address book and delete every piece of mail. I’m not sure it will help, though, because I can’t change my password and whoever has hacked me seems to have consolidated my address book with one from a guy whose interest in penis enlargement is, well, large.
What do I do? How would you escape from AOL Hell?
Could you report your own account for abuse (e.g. abuse@aol.com)? Maybe they would shut it down if they thought a real spammer was using it.
Ah, deja-vu!
Moniker tried to auto-renew my domain names using my shredded credit card. So they sent me an email from a Moniker domain. I tried to tell them that I no longer needed their service, so I used THEIR tech support email address.
Their response: ”
Thank you for contacting Moniker’s Client Support department.
IMPORTANT: THIS E-MAIL BOX IS NO LONGER BEING MANNED BY MONIKER SUPPORT
STAFF.”
So, in order to settle the score with them, I should have called (overseas-something inc.) and explain (to an automated system) the issues with my account and then wait from 4 to 6 hours for them to get back to me.
Moniker, please suffer a slow and painful death!
That’s why I WROTE everything down a long time ago, when I had eight different e-mail accounts. I keep my book of passwords and security questions for e-mail, websites, etc., always at hand. It also helps I change my passwords every other month (it used to be twice a week – yeesh! – when I was really security paranoid), and I dumped five of my e-mail accounts in past two years, mainly because I do not use them anymore. I even dumped Juno, only because I didn’t feel like paying for any e-mail account anymore and United Online no longer seemed useful or exciting, even the portal was a wasteland that made my old AOL/Netscape page seem rich in content in comparison.
You’re paying the price of being of not being diligent – who’d ever thought one would ever dump their AOL, right? – and now your account has been hijacked. You’re getting off light. Think of all poor devils who use the SAME password for every e-mail and website … and there are hundreds of thousands, if not millions of those suckers.
you’ll be paying the price for being diligent if anyone ever gets their hands on that notebook
Really – That is sound advice. I will be sure to do something just like that if it ever happens again, in the past…in 1996. The Jib here is NOT that B.C. _Forgot_ his first job, First Girlfriend, first car etc. The rub here is not User Error in the conventional sense, but user error in the BIG sense. He did manage to alienate someone who reset his credentials. Then what?
Kevin,
You may sound a bit extreme, but it’s not at all difficult in this day and age to keep all that information in an encrypted password manager… I’ve been doing so for the past 10 years (switching when I found better tools).
Nowadays I’ve migrated everything to 1password, which works great with dropbox (and their equivalents). Other options exist, but they’re all reasonably secure.
More available, scalable and secure than a little black book.
Especially if I had the connections that you have, I think I would try to find an “in” at AOL. You know, like the 6 degrees of Kevin Bacon game, but you’re going for a contact in the executive team. Searching your Linkedin network would be the web 2.0 way to do this, I guess…
(God, I really hate saying this. I HATE saying this…)
“This looks like a job for Quora.”
What does having an account have to do with someone saying you’re spamming them? Address could be spoofed. Even if you never had an account, someone could send mail that looks like it’s coming from there.
While spoofed addresses are indeed common, another source of real pain is poor password hygiene (using the same password on multiple sites). You open an account at http://www.insecure_retailer.com with your email account name and use your ‘lucky’ password. Insecure Retailer gets hacked and the list thieves try using your retailer account password on your email address. Bingo!
Ask me how I know.
Thanks. I just went and changed a couple of my passwords.
How do you know?
Your InsecureRetailer.com idea intrigues me and I’d like to subscribe to your newsletter…
[…] This post was mentioned on Twitter by Robert X. Cringely and Samuel's Feed, Cringely2tw. Cringely2tw said: AOL Hell: Maybe it was that column I wrote recently about AOL buying the Huffington Post, but I swear AOL has tu… http://bit.ly/dQDfzc […]
Hahaha… would you like to swap it for hotmail / msn hell? It’s not a better experience, just different…
I’ve kept on and off a hotmail account for a few years. It’s a shame-faced spam-magnet (to the extent that it actually crows “hooray” when there’s no spam in my junk mail folder, even if I deleted the spam myself) it works badly, sloooowly, very slowly, as if the servers were stowed on a convenient asteroid and only occasionally were in touch with the mother planet when they felt like some loving home contact, my contacts would disappear, reappear, links lead nowhere, pages appear saying something like “the item you wished to view may never have existed or may have disappeared”… something like that, I don’t know, hotmail / msn clearly don’t know either… I can’t offer the exact wording right now, it’s simply that I can’t view the offending pages anymore because I now see only “Your account is temporarily blocked”. I have come to believe “temporarily” is a euphemism, I’m just not sure what for yet. It’s probably something referencing the words “hell” and “freeze over”.
Anyway, my account is now blocked, as well as yours. I could supposedly use the “Verify your account” page… well, this leads to a page where I can input a mobile phone number, to which msn will wondrously send a text message with the holy unlock code… yes… in my dreams…
There are various apparently random incantations of mobile-number page; correct use probably depends on the phases of the moon and whether I have correctly scattered the goat’s blood at the crossroads, but I have never yet managed to enter my mobile phone number to the hotmail / msn goat-deity’s satisfaction…
You see, my problem is that my mobile number is Mexican, and while some page incantations (obviously various pieces of recycled code, unhappy in their previous executables and no presumably more happy in their current ones) insist on a 3-3-4 digit US-exclusive format number, and while some actually admit after some poking and teasing that Mexican phone companies actually exist (i.e. we’re not all sleeping off a marijuana session in the shade of a convenient cactus), none, I repeat none of them will admit that there is a “1” between the country and city codes for mobile phones in Mexico. Which there is. And has been. For several years now…
I’m leaving out several iterations of using and abandoning the internationally accepted “+” for country codes, various spaces and “-” signs in various places, for brevity and the readers’ patience: to cut the story short, hotmail / msn can not and will never send me an unlock code.
No. Never. Not even if I offer my first dog’s name, my last hamster’s name, any of the places I’ve lived or worked… customer feedback leads in a depressingly inexorable and terminal way to the wastebasket, this much is clear before one even clicks on the link offered: no reply will ever be forthcoming.
No way would I ever offer these imbeciles a credit card number, ever, not even my worst enemy’s.. we’re not necessarily talking about malevolence here, but of a monumental corporate incompetence which takes chunks of failed projects and hacks them together in a slapdash construction whose only purpose is to lure people in for long enough for them not to get away again.
Welcome to hell. Come on in, it’s cozy here. You know you deserve to be here. Why don’t you warm your hands by the fire while you wait for a reply?
Don’t the people being spammed from “your account” have a spam filter? I would just ignore them myself. Send their email protests to your spam bucket. Case closed.
…and now you understand how AOL claims to have so many users. Since nobody can ever leave, they inevitably have hundreds of thousands (if not millions) of “Zombie” accounts.
Now that AOL has Huffington Post, it might just have more free contributors than it does account-holders.
Perhaps they can just have a “contribute this to HuffingtonPost” checkbox when you compose your email on AOL mail?
Have someone in your vast network of contacts hack back into your account for you.
Bob, Maybe the security question was implemented somewhere along the way and was something you never actually entered at all. Maybe try leaving it blank. Probably will not work, but what hey? Its worth a shot. Or maybe that was how it got hijacked in the first place. Programmers do goof up occasionally.
Unless things have changed in the last 6 months since this happened to me, it wasn’t that hard for me to get it fixed. Even though I have a free account I was able to get assistance through both online chat and through the phone for account problems.
I remember that time period well. I too had an AOL account. What was interesting was the first batch of spam I received on it. It came within minutes of setting up my account. It knew my name, address, and other personal information. Heck, they probably knew the last 4 digits of my credit card. The reason was simple, AOL was selling subscriber lists to advertisers — almost in real time. Of course AOL denied this. I contacted some of the advertisers through a network of friends. I found out they were in fact buying contact lists from AOL and AOL was definitely selling.
When I got my first broadband connection I went shopping for a better email provider. I signed up with about a dozen firms. One of my tests to do nothing with my account for a couple weeks and see what happens. If I started receiving personalized spam — then I knew…. One of America’s little dark secrets is the spam industry really got its start from many of our biggest Internet firms and their email services.
Good luck with shutting down your AOL account Bob.
John
That’s why security questions suck. You have to write them down or otherwise record them just like passwords. “Where did you meet your spouse?” Hmmm… New York? NY? NYC? Empire State Building? How _did_ I answer that question???
Security questions! Don’t get me started. What are questions that only I would know but are sufficiently memorable that I can reproduce them some years later? I’ve essentially had to resort to creating a fictitious self with a few memorable characteristics. But wait – it’s even worse than that! – as far as I can tell, security questions and answers are cleartext, not hashed, so we really should be using different ones for every service. Question: why do we call them “security” questions?
I don’t know why we all feel compelled to leave accurate answers to security questions. After all they are just matching strings with strings so leave the same answer to all the security questions regardless of the actual question.. just like a secondary password.
I had the similar problem with time warner cable. I prefer to be on their auto-pay system. But when my credit card expired they couldn’t get the payments. I couldn’t update the account because I forgot the login. It’s auto-pay so I don’t want to log in. I want to set it and forget it, which is what I did until they shut off my service. I clicked forgot password, but that only sent an email to my old email address that no longer worked. I called them up but they weren’t allowed to touch anything on the web-access from the phone. Not even the supervisors. And I couldn’t set up a new account because “someone,” me, had an account at that address. What would people do if they had access to my account? Pay my bill? Order me playboy channel? After hours calling every day I just gave up and sent them old fashioned checks.
I was delighted a few months after I moved this year when I realized I could set up a new account and finally turn on the auto-pay.
Step 1 – stop relying on historical questions like “where was your first job?”.
Store all passwords and security questions in a database like “keepass”. And treat those questions like secondary passwords… the arbitrary pass phrases that they really are.
The answer to “where was your first job?” is clearly “banana”.
Alan Porter
Yeah, what Alan said. I prefer PasswordSafe (which defines a database format and for which there are many clients for different platforms) but anything cross platform should work. Combine that with something like dropbox to have the database synced between your computers. My PasswordSafe literally has hundreds of passwords stored.
On a side note, imagine what your wife will have to go through should you pass away untimely. When my sister-in-law’s husband suddenly passed away, she spent scores of hours trying to access his accounts. My wife has the password to my database and knows how to access it. Like life insurance, it’s a way of taking care of someone even after you’ve passed. Using a database that your spouse can access is an act of love.
Would sending a nastygram to their legal dept telling them something like “cease and desist”, “accomplice of ID theft” work? After all they must have a boatload of paranoid lawyers, and usually the direct effect would be to close the account and ask questions later.
Of course, anyone can forge anyone else’s email address so its possible this email didn’t come from your AOL account and it probably it hasn’t been hacked. Ask an email administrator to examine the FULL[1] headers of the spam message to confirm.
[1] Most email clients hide the full headers, you will need to ask whoever received the message to go into his menu and find out how to display full headers (forwarding the message probably will not send you the full headers either).
Same thing happened to my wife’s gmail account yesterday. The culprit didn’t change the password, but did change the security question. Very strange and easily fixed. Go Google!
Gmail now has 2-factor auth (in a way).
I’d recommend that if you’re paranoid of getting cracked again.
Of course, a better password or universal password manager (w/generator) is probably the most efficient approach.
Apparently a Nokia shareholder’s revolt is in the making . . . now what if Cortez’s men, seeing him about to torch their ships, decided to fragg him instead? Perhaps that trick (burning your own ships) only works once in history, and anyone who tries to copy it gets lynched. Orson Wells said other people tried the “War of the Worlds” trick in other countries (staging a play as a newscast) and they were promptly jailed for it.
Weird timing. Just yesterday I was playing tech support for my Mom and, unbeknown to me, was still using AOL (incidentally, despite having fios, she’s using the dial-up version). She forgot her password and to get it reset we needed her favorite movie. According to my mom, she doesn’t have a favorite movie. So we tried the first few movies that occurred to her and then moved on to the billing credit card. Which of course she doesn’t have any more. At that point, I told her it was time to set up a gmail account.
The legacy of Steve Case persists. Change management, redecorate the offices, fumigate, whatever… it’s indelible. And still financed dishonestly, by the millions of unsuspecting dupes they have the nerve to call “users”.
Sign up for a entirely new account under the cheapest deal they offer. Get some tech support for that account. Ask about your free account during the call and mention the spam. Talk to a manager. Complain loudly. Tell them you’ll write a blog entry about the issue that will be read by millions if they don’t do anything.
That should work.
When my credit card expired, instead of sending me an email to update my card info, AOL locked me out of my acct. I was so pissed off I never went back. And, have done my best to get others to cancel their AOL accts.
As for my account hell, IDT gets my nod. I opened an acct with them after canning my AOL acct, but coudn’t get through to cancel it. This went on for a few days until I wormed my way through customer service via the ‘new acc’ menu option. Funny there was always someone there to pick up that line, but support never did.
Very similar to when Yahoo! started charging for POP3 access – I went to sign up for the $30/yr only to have Yahoo! Wallet not accept my card. Nothing I could do; and no one to call – since Yahoo! doesn’t have a phone support system. Everything in every field was correct, but Yahoo! couldn’t figure it out.
So I used Yahoo! POPS – a free webmail to HTTPS converter. Worked great. After several years I did try to pay Yahoo! again, and got it working. But what a pain it was.
OMG! There are people who actualy answer security questions!
I use an algorithm to provide random characters to security questions.
Also, I use a password database app.
Security questions have got to be one of the top stupidest ideas ever. Security images are the second stupidest.
So… how do we make online identification idiot proof?
What is your favorite book?
What is your favorite movie?
What is your favorite color?
Should the people who implement security questions eat s**t and die? I think everyone could remember the answer to that question.
My rule of thumb: Never do business with anyone that doesn’t provide phone support. And before creating an account, call tech support to see who answers, give them a problem and see how they react..
A good idea, though not without problems. Wouldn’t surprise me at all to see a company to offer phone/chat/email support when they’re young and then decide that’s too much trouble after 10 years or so.
My wife, a long time AOL user, got some gripes from people that they were being spammed by her AOL address a couple months back. Since I was one of the people being so spammed, it was easy to verify that the messages were not, in fact, coming from AOL’s service.
The messages, however, did seem to be going to people in her AOL address book. So there was some AOL connection somehow. Logging into her account did not help us track this down and the spam stopped in a couple of days.
I suspect, given how often I have to clean her computer, that some trojan out there is set to grab AOL address information and report it back and that she picked it up somehow.
Where you at Robert Young?? What’s up now!
call Arianna, she’s on the board now.
Welcome to America!
Call the support number, they will help you…. eventually!
I had this happen on one of my 7 free AOL address. I couldn’t get in and change anything from my master account since I didn’t remember any of my answers from 94-96 when I first joined.
They asked me many questions, all of which I don’t think I answered correctly because they wouldn’t give me any hints about what time period I needed. I had 5 different billing addresses to try, no idea what credit-card I used and got the other security answers wrong (first job)
Eventually after being VERY persistent/upset they reset my password. I guess I knew enough about my account / info that the person knew it was really me.
Its your account they need to reset the password!
I’m suspicious about these Cringe “confessions” that Bob has been broadcasting.
Something is up.
Bob, what a disappointing post. I was so excited the other day to see that you had contacted me directly! I admit I was a little surprised that your message showed such an interest in enlargement, but still, one could look at it as a technology issue.
And now, you disavow your participation in our personal exchange of thoughts. Does this mean you’re not going to send the gizmo after all? : )
Good luck with your accounting
Bob, the problem is this: “library” is socialism, plain and simple, and therefore cannot be discussed in this day and age. Try “bookstore”. That ought to get you back in to your account.
Robert,
Perhaps you could use your connections to INQuire to some AOL execs why the AIM, AOL Mail and other registration servers have been FUBAR for months, refusing the creation of new accounts, which are, supposedly, free.
https://www.techeye.net/internet/aol-refusing-new-accounts-thanks-to-fubar-server
I sent email to several AOL execs and some techies, to no avail.
Shooting themselves in the foot in this way is curious, to say the least. And to this day, I continue getting the same server misconfiguration error from their servers when clicking on any of the “Sign up” links. (Yes, I actually make use of AIM / AOL Mail, it´s one of the few totally free and standards-compliant IMAP mail accounts you can still get, never mention to 3-letter domain name, which makes it easier to speak the address on the phone).
FC
There are two wonderful plugins for Firefox that are quite popular. One opens up a sidebar and shows all the wifi users around you that have account sessions open on various services, most notably: Facebook. Click on any of the sidebar items and VOILA! You are now logged in under that user’s session. Free to change passwords left and right.
The other wonderful plugin is HTTPEverywhere that prevents this from happening to you.
Guess which one you need to get right NOW!?
Thats HTTPSEverywhere, the key letter being S as in secure.
I suppose you *could* try publicizing the problem in the periodic column of one of the most widely read technology commentators.
I’ll link you at Tatler too. 🙂
Presumabky your interest in resolving this is only to stop your friends/acquaintances from being spammed and you’re not bothered about the email address itself. If you spam your own mailbox with large attachments maybe it will freeze your account for being over quota.
I’ve always described AOL as AOHell the big blue triangle of death. Ya I know this wasn’t helpful. I find dealing with faceless corporations futile anyway and only perseverance and phone calls until you are blue in the face are what eventually solves it to an unsatisfying conclusion.
Easy.
Threaten to sue them.
Have a lawyer friend call. Make sure he sounds very serious.
I’m sure there’s some section of US Code they’re violating. He’ll need to look that up.
Contacting them with this directly through their legal department will get this resolved in no time.
Same here, I still have my old aol mail account cause aol was the first provider with an affordable flatrate over here. At the moment I use the aol adress as spam collector… several thousand unread messages.
Bob, is that big announcement about the Startup Tour still coming this week? Looking forward to it.
Bob, any chance you used the name of the town in your password, ie “Springfield library”?
Something similar happened to me and if I remember right the magic word was “fraud”. Once you can get a fraud investigation started at AOL (which they seemed to take seriously) you are on the quick road to recovery. So another year or two.
man,this is my website page,please help me
https://www.puma-shoes.org
thank u very much.
Ah yes, the old forgotten security question answer problem. I went through this kind of thing years ago and learned my lesson. Here is my solution: I use a standalone encrypted password program….I’ve been using Password Agent for some time now. I NEVER use the same password for any of my accounts. The program has a random password generator. My passwords are 16 character strings made up of random letters and numbers. I NEVER, NEVER, EVER provide real info for security questions. All the answers for the security questions are works of fiction and the answers are always different from account to account. Password Agent has a notes section attached to each password entry were I record answers to security questions for the respective accounts. The password file is backed up to several different locations every time an entry is changed or a new entry is added. Even if someone does hack one of my accounts, the info is useless for all my other accounts. The only danger is that someone gets hold of the encrypted file and figures a way to decrypt the thing.
Bob. Do You really believe that AOL still exists?
Buy $10 Replica Designer Sunglasses with 3-day FREE SHIPPING
Online UK costume and fashion jewellery shop with,
Beaded Magnetic Bracelet for Health
Wanna buy some cheap and good watches? then replica watches are your best choices, these cheap watches can save you a lot of money, to buy replica watches the best way is to buy watches online, you can find the best replica watches online, there are many fake watches for you to choose, such as replica rolex watches and replica rolex watch, and replica omega watches and replica omega watch and replica cartier watches and replica cartier watch.
Excellent work once again. I am looking forward for your next post.
I will continue to focus on
I am going through the EXACT same thing. I could have written this post myself! Have you figured anything out yet?? I am in the process of switching all my email to a safer account.
denmark oplysninger…
[…]I, Cringely » Blog Archive » AOL Hell – Cringely on technology[…]…
Wow, awesome blog structure! How lengthy have you been blogging for? you made blogging look easy. The full look of your site is wonderful, as smartly as the content material!
phat to roi tai ha noi…
[…]I, Cringely » Blog Archive AOL Hell – I, Cringely – Cringely on technology[…]…
Abercrombie Pas Cher
acknowledge my very own apology for this miscalculation the appropriate link is: