AOL on Monday urged its millions of email account holders to change their passwords and security questions after a cyber attack compromised about 2 percent of its accounts. The company said it was is investigating a security incident that involved unauthorized access to its network and systems. The company said the investigation began immediately following a significant increase in the amount of spam appearing as "spoofed emails" from AOL Mail addresses. Spoofing is a tactic used by spammers to make it appear that the message is from an email user known to the recipient in order to trick the recipient into opening it. These emails do not originate from the sender's email or email service provider - the addresses are just edited to make them appear that way.

AOL has determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions.

The company says it has no indication that the encryption on the passwords or the answers to security questions was broken. But as a precautionary measure, the company encourages its users and employees to reset their passwords used for any AOL service and, when doing so, also to change their security question and answer.