Email from the AA - 'Password changed correctly' - AA hacked?

Doc_N

MoneySavingExpert.com Insert:

Huge thanks for posting Doc N. We investigated the AA situation as you all aired concerns and have published this news story:

AA accidentally sends 'password updated' email causing confusion for customers.

Back to Doc N's thread...

---

I'm guessing a fair number of us will have received this email earlier this evening:

Hi,

You’ve successfully changed your password.

If you didn't make this change, please call us on 0330 102 8005.

Thanks,

The AA Team

email@info.theaa.com

The email address is a genuine AA address (or appears to be) and the number's certainly a genuine AA number.

The AA are currently saying it's a fake email, but it's more likely that either they've been hacked or that the emails are the result of a mistake.

Either way, this might reassure people that they're not alone in having received this.


http://who-called.co.uk/Number/03301028005

filmderams

(or at least appears to be)

Details from the header of the email:

spf=fail (email@info.theaa.com does not designate 62.209.51.180 as permitted sender)
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=info.theaa.com
Looks like the emails originated from a server in Germany.

I'd avoid using the password reset/login form on the AA website until they formally announce something - if they've been hacked trying to log in could expose your password to a third party.

inkwat

Just received this e-mail so you're not the only one, slightly concerned as I can't seem to login to my AA account either so may have accidentally exposed my password.

filmderams

You'll probably be fine. It could also be that the AA's IT dept are doing a system update and its an unintended side affect of that. If they announce in the morning that it was that then you'll be good to carry on as normal. If they say they've had a more serious issue then you'll want to change passwords anywhere else that you've used the same one. I'd be tempted to suggest doing that if they delay any announcement. Fingers crossed its just a gremlin in the IT update which they will likely apologise for in the morning.

richardpb

I managed to log on ok but can't access some site areas. I hope filmderams is correct in suggesting that its a maintenance issue. Is credit card information kept on this site?

Silver_Shark

I did a Google search for AA breakdown cover and it says
"You visited this page on 25/06/17" except I didn't as I only read the email this morning (26th). I haven't been able to log in, I'm now worried I've exposed my password.

AdrianC

filmderams wrote: »

Details from the header of the email:

spf=fail (email@info.theaa.com does not designate 62.209.51.180 as permitted sender)
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=info.theaa.com
Looks like the emails originated from a server in Germany.

The AA have their mail servers listed in the SPF - Sender Policy Framework. This server isn't one of them. It's easy to get a mail server to lie about who it is.

I bet any links in the email aren't really to theaa.com

tr33m4n

Anybody heard anything from AA? I fear I may have also fallen for the login trap :S

Dimai_Coch

I sincerely doubt that an email from the AA would start with the word 'Hi'.

I would also expect them to use the member's name.

Ninja61

I too had the same email and thankfully I was at work so was going to wait until I got home to change it but will now hold off, thanks folks

heather_p03

I have also just received this email - 26/06/2017 at 08:29

No-one I know has logged in to my account - the app works but my details aren't recognised on the website!

Will wait to see what happens.