SAN FRANCISCO (USATODAY.com) — AOL on Monday said it is investigating a security breach related to a spike in spoofed emails from AOL user accounts.
The company confirmed that there has been unauthorized access to a "significant number" of accounts.
Information that may have been exposed included AOL user email addresses, postal addresses, contact information, encrypted passwords and encrypted answers to security questions that AOL asks when a user resets a password, along with some employee information.
AOL said it believes spammers used the information to send spoofed email that appeared to come from about 2% of AOL email accounts.
Spoofing is a tactic spammers use to make it appear that a message is from someone familiar, in order to trick the recipient into opening it. The emails do not originate from the sender's email; the addresses are just edited to make them appear that way.
AOL's investigation is still under way.
The company said there is no indication that the encryption on the passwords or answers to security questions was broken.
As a precaution, it encourages users to reset passwords for any AOL service. It also encourages you to change the security question and answer related to a particular account.
The spoofed email issue first bubbled up about a week ago, when AOL email users took to Twitter to complain about the problem.
AOL is notifying potentially affected users.