AOL Inc. confirms a security breach: the email accounts of a significant number of users may have been exposed, but no financial data has been stolen.

Last Monday AOL Inc. confirmed in an official blog post that the company suffered a massive data breach which may have compromised the email accounts of a significant number of users. For this reason, users of the American On-Line (AOL) mail service are advised to change their passwords as soon as possible.

“Although there is no indication that the encryption on the passwords or answers to security questions was broken, as a precautionary measure, we nevertheless strongly encourage our users and employees to reset their passwords used for any AOL service and, when doing so, also to change their security question and answer,” reports AOL in the blog post.

AOL started the investigation after it noticed a spike in spoofed emails from AOL user accounts. According to the first rumors about the incident, hackers used the contact information to send malicious emails that appear to come from AOL email accounts. It seems that nearly 2 percent of AOL email accounts have been involved.

“The ongoing investigation of this serious criminal activity is our top priority,” states AOL in the blog post. “We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts.”

Cyber criminals use “spoofed” emails as part of phishing campaigns or to send messages pretending to be a legitimate user for various types of illicit activities. Fake mail could be used to serve malicious links to infect victims.

“Importantly, we have no indication that the encryption on the passwords or the answers to security questions was broken. In addition, at this point in the investigation, there is no indication that this incident resulted in disclosure of users’ financial information, including debit and credit cards, which is also fully encrypted.” continues the official post.


AOL confirmed that at the moment there is no indication that users’ financial data, debit card numbers, passwords or other sensitive information have been obtained by the attackers, due to the adoption of encryption.

AOL also provided the following suggestions to users:

  • Do not click on any suspicious links or attachments in emails you receive.
  • When in doubt, contact the sender to confirm that he or she actually sent the email to you.
  • Never provide your personal or financial information through an email to someone you do not know.
  • AOL will never ask you for your password or any other sensitive personal information over email.
  • If you find yourself a victim of spoofing, inform your friends that your emails may have been spoofed and warn them to avoid clicking the links in suspicious emails.

Pierluigi Paganini

(Editor-In-Chief, CDM)
