AOL suffered a massive Data Breach

AOL Inc. confirms security breach, email accounts of a significant number users may have been exposed, no financial data has been stolen.

AOL Inc. last Monday has confirmed with an official  blog post that the company suffered a massive data breach which may have compromised the email accounts of a significant number users, for this reason it is suggested to the clients of the American On-Line (AOL) mail service to change their password as soon as possible.

“Although there is no indication that the encryption on the passwords or answers to security questions was broken, as a precautionary measure, we nevertheless strongly encourage our users and employees to reset their passwords used for any AOL service and, when doing so, also to change their security question and answer. reportes” AOL in the blog post.

AOL started the investigation after it noticed a spike in spoofed emails from AOL user accounts, according first rumors of the incident, hackers used the contact information to malicious emails that appear to come from AOL email accounts. It seems that the nearly 2 percent of AOL email accounts have been involved.
“The ongoing investigation of this serious criminal activity is our top priority,” “We are working closely with federal authorities to pursue this investigation to its resolution. Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts.” states AOL in the blog post.
The cyber criminals use “Spoofed” emails as part of phishing campaign or to send messages pretending to be a legitimate user for various types of  illicit activities. Fake make could be used for to serve malicious links to infect victims.
“Importantly, we have no indication that the encryption on the passwords or the answers to security questions was broken. In addition, at this point in the investigation, there is no indication that this incident resulted in disclosure of users’ financial information, including debit and credit cards, which is also fully encrypted.” continues the official post.
The AOL company confirmed that at the moment there is no indication that user’s financial data, debit card numbers, passwords or other sensitive information has been obtained by the attackers due the adoption of encryption.
AOL also provided the following suggestions to users:
  • Do not click on any suspicious links or attachments in the email you received.
  • When in doubt, contact the sender to confirm that he or she actually sent the email to you or not.
  • Never provide your personal or financial information through an email to someone you do not know.
  • AOL will never ask you for your password or any other sensitive personal information over an email.
  • If you found yourself a victim of spoofing, inform your friends that your emails may have been spoofed and warn them to avoid clicking the links in suspicious emails.

Pierluigi Paganini

(Security Affairs –  AOL, Data Breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

4 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

15 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

19 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.