Spam emails apparently sent from AOL email addresses and hawking diet products are a direct consequence of a breach of the company’s networks and systems, officials said.
“AOL’s investigation began immediately following a significant increase in the amount of spam appearing as “spoofed emails” from AOL Mail addresses,” the AOL Mail Team shared. The company is working with federal authorities and external forensic experts to get at the bottom of the matter.
The investigation is still ongoing, but they have discovered the attackers have accessed information on about two percent of user accounts, belonging to an estimated half a million of users.
Users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions ended up taken. Certain employee information also suffered compromise.
As of now it appears encryption protection is working and no users’ financial information provided ended up accessed.
AOL has been notifying users of the breach, and is urging them to change their passwords and security question and answer just in case. They are also warning them to be wary of emails claiming to come from AOL and containing links for resetting passwords.