April 29, 2014
Security Breach Hits Some AOL Email Accounts
Enid Burns for redOrbit.com - Your Universe Online
AOL issued a security warning after it experienced a security breach that the company claims affected roughly two percent of its email accounts. The online service urges users to change passwords and security questions for any AOL service.The security breach was addressed on the AOL blog on Monday. AOL began looking into the issue when it noticed a significant increase in the amount of spam appearing as "spoofed emails" from AOL Mail addresses. AOL said it is working with forensic experts and federal authorities to investigate the criminal activity.
"AOL's investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts," AOL said.
While the AOL servers were compromised and user data was taken, AOL believes that the encryption on passwords and answers to security questions remain unbroken. It is still advised that AOL users should change passwords and security questions in order to safeguard against hackers, if the data encryption are broken. AOL stores financial information such as credit and debit card data, but it does not believe the hackers gained access to such information.
The warning went out to users of AOL services as well as AOL employees, who were also advised to change their security information. AOL is working with its security team to protect against future attacks.
"The ongoing investigation of this serious criminal activity is our top priority. We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts," AOL said.
The spoofed emails came from other mail servers. "These emails do not originate from the sender's email or email service provider - the addresses are just edited to make them appear that way," AOL said.
Tens of millions of people use AOL services such as email according to the Washington Post.
AOL offered precautionary measures to AOL users, as well as online users: Do not respond to or click on links or attachments of suspicious emails. Never provide personal or financial information in an email to an unknown person. "AOL will never ask you for your password or any other sensitive personal information over email," the company said. Lastly: "If you believe you are a victim of spoofing, consider letting your friends know that your emails may have been spoofed and to avoid clicking the links in suspicious emails."
The warnings have become standard online, but bear repeating as threats become more prevalent.
AOL competitor Yahoo said earlier this month that it is working to upgrade its encryption technologies.