AOL Warns of Unauthorized Access to AOL Accounts

Posted on May 1, 2014

AOL has warned of unauthorized access to a significant number of AOL accounts. The company warned previously of a huge spam increase as the result of spoofed emails. The company is now warning that accounts were comprised as well. The company says encrypted passwords and encrypted answers to security questions were among the data taken in the breach.

AOL's investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2% of our email accounts.
AOL says, "Importantly, we have no indication that the encryption on the passwords or the answers to security questions was broken." AOL says users should reset passwords and change their security question and answer as a precaution. This is wise as it is possible the information could be decrypted by the criminals in the future.

AOL has also provided a FAQ here about the security incident.