AOL suffers significant security breach, warns customers to change passwords

If you are an AOL user, take heed: Don't click on any suspiciously spammy emails, and change your password

Published April 28, 2014 5:50PM (EDT)

If you're an AOL user, you may want to reset your email password and security question ASAP. Today AOL wrote to notify users that the company is "investigating a security incident that involved unauthorized access to AOL's network and systems."

AOL began its investigation after noticing a suspiciously large number of spam emails that fell under the "spoofing" category. "Spoofing" is a technique by which spammers trick users into clicking on their toxic emails by making a message appear to come from somebody in the recipient's address book. AOL is not sure who is behind the criminal activity, but says that an investigation is underway.

What is known is how many people were affected and what information may have been compromised. From AOL's statement:

"We have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts."

Thus far, AOL has no indication that the password or security question encryption has been broken. They also don't believe that any encrypted financial information was compromised. Regardless, AOL is asking employees and customers to change their passwords and security question as a precaution. AOL also suggests following the guidelines listed at the bottom of this page.

As our lives increasingly move online for the sake of convenience, we increasingly drag sensitive material -- loans, credit card information, bank accounts, car payments -- to the Web. With this, security and privacy are becoming increasingly important, yet also seemingly harder to come by.

Last year a security breach at Target compromised 40 million debit and credit card accounts. At the beginning of this month, the sinister Heartbleed bug was revealed. The bug was a flaw in OpenSSL cryptographic software, and still is considered a serious threat to user information on the Internet.


By Sarah Gray

Sarah Gray is an assistant editor at Salon, focusing on innovation. Follow @sarahhhgray or email sgray@salon.com.
