AOL reveals ‘unauthorized access’ to network

By Erin Ayers on April 29, 2014

aol-logo-13AOL reported a security breach this week, after noticing an uptick in the number of spam emails and discovering “unauthorized access” to its network.

“Spoofed” emails were sent out, appearing as though they came from AOL accounts. AOL explained these emails do not actually originate with the email address or email service provider, but the breach means that spammers did access the system.

“AOL’s investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts,” the company said on its blog.

“This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2 percent of our email accounts.”

AOL said it did not appear the encryption on passwords or security questions was compromised, nor has the investigation revealed any disclosure of users’ financial information.

The company noted, “AOL is working with best-in-class external forensic experts and federal authorities to investigate this serious criminal activity.”

AOL said it is in the process of notifying affected users, but also recommended that customers change their AOL email passwords and not to click on links or attachments in any suspicious emails.

eayers@advisen.com'

Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].