So much for PIN via text message being a panacea to security.
Look over https://imgur.com/gallery/kfLM5SY for the socially engineered exploit.
As to AOL's design, if you think it's awful, you can stop using it. But some are so hooked on this or that they can't stop.
I have a firewall that blocks most advertising portals (my hosts file is about 1220kb). Recently AOL flagged my account for "suspicious" activity, but the only thing I found suspicious was the fact that, to verify the PIN sent via telephone, their first concern is not security; it is METADATA and how to make money exploiting it. AOL routed me through one of these sites (there is no excuse for this, as even the title of the site has the word "advertising" in it). I had no choice but to allow it - or I would have been locked out of my account.
I believe this is pretty damn lame.
I will follow up this post on Reddit and the forums. Thanks.