AOL on Monday urged its millions of email account holders to change their passwords and security questions after a cyber
attack compromised about 2 percent of its accounts.
The company said it was is investigating a security incident
that involved unauthorized access to its network and systems.
The company said the investigation began immediately following
a significant increase in the amount of spam appearing as
"spoofed emails" from AOL Mail addresses. Spoofing is a tactic
used by spammers to make it appear that the message is from an
email user known to the recipient in order to trick the
recipient into opening it. These emails do not originate from
the sender's email or email service provider - the addresses
are just edited to make them appear that way.
AOL has determined that there was unauthorized access to
information regarding a significant number of user accounts.
This information included AOL users' email addresses, postal
addresses, address book contact information, encrypted
passwords and encrypted answers to security questions.
The company says it has no indication that the encryption on
the passwords or the answers to security questions was broken.
But as a precautionary measure, the company encourages its
users and employees to reset their passwords used for any AOL
service and, when doing so, also to change their security
question and answer.