These originated about a week ago. While AOL has not acknowledged it, I suspect this was a break-in to AOL’s servers rather than hacking individual accounts. And changing your AOL password doesn’t fix it. Usually the first message actually DOES come from AOL, then the followup messages come from other sources with @
aol.com in the FROM field. The messages appear to go to the spoofed sender’s contact list, indicating that the perps really did access the AOL account. At least one of the messages I got I’m sure was not from a hacked account; the ostensible sender has been dead for 2 years.
A few people I know who were affected called AOL, and a couple of them received unofficial acknowledgement that AOL was working on fixing the problem and that it was not a simple case of a compromised email account. Forbes also had an article that mentioned AOL break-ins in February.