US media giant AOL has urged its tens of millions of email account holders to change their passwords and security questions after a cyber attack compromised about 2 percent of its accounts.
The company said it was working with federal authorities to investigate the attack, in which hackers obtained email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords.
It said there was no indication the encryption on that data had been broken, nor that customer financial information had been accessed.
A company spokesman declined to say how many email accounts are registered on its system.
AOL said it identified the breach after noticing a "significant" increase in the amount of spam appearing as spoofed emails from AOL addresses. Such emails do not originate from a sender's service provider, but their addresses are edited to make them appear that way
“The ongoing investigation of this serious criminal activity is our top priority,” AOL said. “Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts.”
