AOL Investigating Data Breach'Significant Number of User Accounts' Affected
The information exposed includes AOL users' e-mail addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that are asked when a user resets his or her password, as well as certain employee information, according to an April 28 company statement.
"AOL's investigation began immediately following a significant increase in the amount of spam appearing as 'spoofed emails' from AOL Mail addresses," the company says.
"We believe that spammers have used this contact information to send spoofed e-mails that appeared to come from roughly 2 percent of our email accounts."
AOL says it has no indication that the encryption on the passwords or the answers to security questions was broken. There's also no indication that the incident resulted in disclosure of users' financial information, including debit and credit card numbers, which are also fully encrypted, the company says.
"The ongoing investigation of this serious criminal activity is our top priority," AOL says. "We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts."
The company has also posted an FAQ page about the incident.
AOL did not immediately respond to a request for additional information.