The latest big name company to fall victim to a security breach is AOL. In a post on the company blog, the AOL security team reveals that it is currently working with "best-in-class external forensic experts and federal authorities" to investigate unauthorized access to the network. Suspicion was raised by a marked increase in the number of spam emails sent via spoofed AOL Mail addresses, and an investigation was immediately launched.
AOL says that a "significant number of user accounts" are affected and that the breach involves accessing information associated with these accounts. It seems that those responsible for the security breach have been able to gain access to email addresses, postal addresses, and address book contact information, as well as encrypted versions of passwords and answers to security questions.
It is estimated that two percent of email accounts are involved in the spoofing incident, but AOL is quick to point out there is currently no reason to believe that the encryption used to secure passwords and security answers has been broken. There is also "no indication that this incident resulted in disclosure of users' financial information, including debit and credit cards, which is also fully encrypted".
AOL is advising both its users and employees to change their password as well as their security questions and answers. In the meantime, "AOL is notifying potentially affected users and is committed to ensuring the protection of its users, employees and partners and addressing the situation as quickly and forcefully as we can".
Further information to follow as we learn more.
Image Credit: chevanon / Shutterstock