On my Hotmail account I received an email from AOL stating “here is your
password you have requested” and it gave me the correct password to an old
email account that I have not used in years. No one from my household requested
a forgotten password. Why would I receive this email? Is this something a virus
could do or an outside source? I am concerned someone out there is trying to
gain access to my computer.
It’s kinda spooky when that happens, but happen it does. It’s particularly
unnerving when the password reminder is “correct” – meaning that it’s reminding
you of your correct password. That tells us something, but for the most part
what to do next is usually the same regardless.
Become a Patron of Ask Leo! and go ad-free!
Since the reminder included your actual password, you know it’s real. In
your case, it’s a real password reminder generated from AOL in response to
someone asking for it. Had it not had your correct password, I would have
immediately assumed it was nothing more than a phishing attempt.
I can think of several ways this might happen:
Someone entered your email address on an AOL password reminder form. I’m not
really sure why they would do this intentionally, unless they thought that the
password would be displayed instead of emailed. Password reminders are safe
explicitly because they’re emailed to the account owner – only someone with
access to the account would be able to get the reminder. More likely is that
someone mistyped their own email address, and entered yours by mistake.
If you’ve registered on a bulletin board, mailing list or a discussion
group, you’ll usually need to provide a valid email address for activation.
That same email address is used to send you your password reminder should you
ask for it. Same scenario as above, most likely someone might mistype their
registration name, typing yours instead, and any password reminder would get
sent to you instead of them.
“My money is on someone mistyping or misremembering
their own account or email name, and entering yours by mistake.”
Some mailing list software, a package called “mailman” in particular, is
configured to send out monthly password reminders by default. If you’re on a
mailman-hosted mailing list, this might be the cause.
There’s a small possibility that a web crawler or spider is hitting all
links on various web pages, and one of those happened to be a password reminder
link with your account. Conceivable, but highly unlikely.
My money is on someone mistyping or misremembering their own account or
email name, and entering yours by mistake.
Real or phishing, the next step for you to take is actually quite
Delete the mail.
Don’t click on any links in it, don’t act on it, just delete it. Whoever
requested your password – regardless of their intention – did not get it. You
If you are particularly concerned, you might consider changing the password
on that account as a precautionary measure.
And finally, let’s be clear: this isn’t about getting access to your
computer, this is about your email or other account on-line. Passwords on and
to your computer are not dealt with via email.