Thanks nemo for this.
America Online users, you have unwanted packages -- due either to the activities of malicious hackers, aggressive pop-up ads or a sudden widespread epidemic of shopping amnesia.
AOL has billed thousands of its users for products presented in pop-up ads after users clicked a "no thanks" button to refuse the offer, according to a lawsuit filed last week in U.S. District Court in San Francisco. The charges were made public late Monday
AOL steadfastly maintains there are no glitches in its shopping system that could have resulted in the erroneous charges and shipments. Users insist that they did not mistakenly click "Yes" when they meant to click "No." So who made the purchases?
A group of hackers who focus on finding security holes in AOL's systems contend the most likely culprits are a bunch of bored kids who hacked into AOL accounts, perhaps with the assistance of disgruntled AOL employees.
Members of this group recently reported two major security holes in AOL's Instant Messenger program.
Although it's far from certain that kid-crackers are to blame for the shopping sprees cited in the lawsuit, it's possible that once a cracker has a user's screen name and password, he can log on as the account user and order merchandise through AOL's shopping service. Products ordered through the service are automatically charged to the account holder's credit or debit card.
These hackers say AOL passwords are remarkably easy to come by, claiming that they sometimes gain access to accounts with the aid of AOL employees who provide information in exchange for a share of the spoils.
News source: Wired - Are Crackers Behind AOL Spree?