AOL’s free email service may not be as popular nowadays compared to Outlook.com, Gmail or even Yahoo Mail. However, the service still has over 20 million accounts and on Monday, AOL said that it got hit with a cyber attack.
In a press release, the company said it started an internal investigation following reports of an increase of spam email that were spoofed from AOL Mail addresses. It added:
AOL’s investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information.
The unknown cyber criminal group is believed to have used this information to generate the spoofed email messages from about 2 percent of AOL’s email accounts; the company is now urging all of its email users to change their passwords.
The good news? AOL claims there is no evidence that any encryption methods on the passwords or security questions have been broken. There’s also no indication that any financial information such as credit card numbers were taken during the attack.