The security team of AOL, Inc. (NYSE:AOL) said it is investigating the unauthorized access to its network and systems and advised its millions of its users to change their passwords and security questions to their e-mail accounts.

aol logo

According to the company’s security team, it is working with external forensic experts and federal authorities regarding the security breach. The attackers obtained email addresses, postal addresses, encrypted passwords, address book contact information, and answers to security questions, which are used to reset passwords as well as certain employee information.

Hackers sent spoofed e-mails

“We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts…  “At this point in the investigation, there is no indication that this incident resulted in disclosure of users’ financial information, including debit and credit cards, which is also fully encrypted,” according to the company’s security team in a blog post.

AOL, Inc. (NYSE:AOL) immediately conducted an investigation after noticing a significant increase in the volume of spam that appears as “spoofed emails” from AOL Mail addresses. The company explained that spammers use spoofing as a strategy to disguise a mail as if it comes from an e-mail user.

Precautionary measures

The security team is strongly encouraging all of its employees and users to reset their passwords and security questions and answer as a precautionary measure, even if there is no sign that the encryption on passwords or answers to security questions was broken.

AOL, Inc. (NYSE:AOL) said, “The ongoing investigation of this serious criminal activity is our top priority. We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts.”

The company is sending notice to users who are likely affected by the security breach. In addition, AOL, Inc. (NYSE:AOL) also provided the following advice to users:

  • If you receive a suspicious email, do not respond or click on any links or attachments in the email.
  • When in doubt about the authenticity of an email you have received, contact the sender to confirm that he or she actually sent it.
  • Never provide personal or financial information in an email to someone you do not know. AOL will never ask you for your password or any other sensitive personal information over email.

If you believe you are a victim of spoofing, consider letting your friends know that your emails may have been spoofed, and to avoid clicking the links in suspicious emails.