According to Wired News, teenage hackers claim to have used “social engineering” — i.e. fast talk and subterfuge — to compromise security at America Online.
The Wired article says that the youths have discovered ruses that allow them to convince AOL's support staff to reset passwords on accounts. The crackers also claim to have gained access to AOL's “Merlin” network management system, which is supposedly unavailable from outside the company and protected by passwords and hardware “tokens.”
Another article by The Register points out that some of the youths' claims are likely to be bogus. For example, the company's SecurID “tokens,” which use rolling codes that change every minute, would likely be impossible to forge.
Nonetheless, because AOL's support is outsourced to the lowest bidder (the company recently ended contracts with firms that hired starving American college students and moved support to India, where labor could be had for still less), it is certainly possible that gullible, poorly trained, or demoralized employees could easily be tricked or nagged into compromising security. See the articles linked above for more details.