AOL says encrypted passwords and other user data compromised hacker attack
AOL today said it's investigating a "security incident" involving unauthorized access to its network and systems that resulted in the possible theft of user data, including email addresses, postal addresses, address book contact information, encrypted passwords, encrypted answers to security questions that AOL asks when a user resets his or her password, and certain employee information.
External forensic experts and federal authorities are helping AOL in its investigation. AOL said it started looking into things after noticing a "significant increase" in spam appear as spoofed emails from AOL Mail addresses. The company believes that spammers used used stolen contact information to send spoofed emails that appeared to come from about 2 percent of its email accounts.
"Importantly, we have no indication that the encryption on the passwords or the answers to security questions was broken. In addition, at this point in the investigation, there is no indication that this incident resulted in disclosure of users' financial information, including debit and credit cards, which is also fully encrypted," AOL said.
Nevertheless, AOL is strongly encouraging users and employees to reset their passwords, along with their security questions and answers.
More information can be found on a special FAQ page AOL posted in relation to the security breach.