Download our in-depth report: The Ultimate Guide to IT Security Vendors
"AOL's investigation began immediately following a significant increase in the amount of spam appearing as 'spoofed emails' from AOL Mail addresses," the company said in a statement. "Spoofing is a tactic used by spammers to make it appear that the message is from an email user known to the recipient in order to trick the recipient into opening it. These emails do not originate from the sender's email or email service provider - the addresses are just edited to make them appear that way."
While the investigation is still ongoing, the company has confirmed that "a significant number" of AOL users' e-mail addresses, mailing addresses, address book contact information, encrypted passwords and encrypted answers to security questions were accessed.
"We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2 percent of our email accounts," the company stated.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
All AOL users and employees are being urged to change both their passwords and their security questions and answers. "The ongoing investigation of this serious criminal activity is our top priority," the company said. "We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts."