AOL announced today that the Web firm has determined that a “significant number” of AOL user accounts have been affected by what the company called “unauthorized access,” according to this official blog post. This comes after the company warned against “spoofing” attacks last week, which attempt to trick people into opening emails by masking the email address that appears in the “From” field.
AOL reveals that the information which became vulnerable as a result of the hacks includes email addresses, postal addresses, contact information in address books, encrypted passwords as well as the encrypted answers to security questions. AOL also states that “certain employee information” was compromised, but didn’t provide details on what type of information that could consist of.
Additionally, AOL says that the company has not seen any indications that the encrypted passwords and answers to security questions were “broken.” Fortunately, financial information, including debit and credit card data, appears to be safe, AOL claims.
There’s also a link between the spoofing attempts, and these account breaches.
“We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts,” the AOL Mail Team said.
AOL recommends that, as a precaution, users should change their passwords for “any AOL service,” as well as their security question and answer. In the meantime, AOL is working with federal authorities on an investigation into this matter, and is sending notices to “potentially” affected users, notifying them of the breaches.