AOL has seen around two per cent of its user base compromised, after an attack saw hackers obtain email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords.
According to IT News, tens of millions of email account holders have been told to change their passwords and security questions, although there was no indication that the encryption on that data had been broken, nor that customer financial information had been accessed.
AOL said it identified the breach after noticing a “significant” increase in the amount of spam appearing as spoofed emails from AOL addresses. In an official statement, AOL said: “The ongoing investigation of this serious criminal activity is our top priority. Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts.”
Keith Bird, UK managing director of Check Point said: “The company is advising its users correctly, warning them to be wary of emails claiming to come from AOL and containing links for resetting passwords.
“Large-scale breaches like this usually lead to widespread phishing attacks, which prey on people’s security concerns in an attempt to trick them into revealing more data. Users should only reset their passwords via the main website, and never from emails, no matter how plausible they appear to be.”
