29 Apr 2014
AOL systems have suffered a security breach that impacted 2 per cent of all AOL email users after a campaign of spoofed e-mails, AOL’s says. AOL started notifying users about unauthorized access to its network and systems.
“Importantly, we have no indication that the encryption on the passwords or the answers to security questions was broken. In addition, at this point in the investigation, there is no indication that this incident resulted in disclosure of users' financial information, including debit and credit cards, which is also fully encrypted,” AOL said in a blog post.
Federal authorities and forensics experts are investigating.
So far, AOL has determined that a significant number of accounts had personal information accessed.
“This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information.gn.”
AOL advises users to reset their passwords and change the security questions and answers even though it has no evidence that encrypted passwords or security answers were jeopardized.
The company also recommends users be pro-active regarding cyber risks by not replying to suspicious emails, not providing personal or financial information and verifying email authenticity when needed. If a user believes he is a victim of spoofing, he should tell his email contacts.
Last week, AOL email users’ complained about their accounts being compromised and used in spam campaigns.