AOL Advises Users to Reset Passwords After Breach

 
 
By Sean Michael Kerner  |  Posted 2014-04-28 Email Print this article Print
 
 
 
 
 
 
 
email security

AOL, which admitted today that its network and systems were recently breached, has not publicly disclosed a timeline on when the breach occurred or how long its systems were at risk.

"AOL's investigation is still under way; however, we have determined that there was unauthorized access to information regarding a significant number of user accounts," AOL noted in a blog post."

According to AOL, the information accessed includes user email and postal addresses as well as address book contact information. Additionally, AOL warns that the answers to the security questions that are required when a user password reset is requested were also obtained in the breach. Those answers, however, were in an encrypted format, and AOL currently is not aware of the encryption actually being broken.

AOL currently estimates that 2 percent of its users' email accounts have been impacted, with attackers sending spoofed emails. That's a nontrivial amount of Internet users.

While AOL only publicly acknowledged that its systems were breached today (April 28), the spoofing attacks have been ongoing since at least April 22.

"If you believe that your account has been compromised, or that your AOL Mail email address has been used to send spoofed messages, please visit the AOL Help site," AOL noted in an April 22 blog post. "AOL takes the security of consumers very seriously, and we are committed to continually improving our security protocols in an effort to prevent situations like this from occurring."

AOL is now recommending that its users reset passwords used for all AOL services. Going a step further, AOL also suggests that users change their security question for password resets as well.

"We are working closely with federal authorities to pursue this investigation to its resolution," AOL stated. "Our security team has put enhanced protective measures in place, and we urge our users to take proactive steps to help ensure the security of their accounts."

This new AOL breach serves as a reminder that organizations big and small are under constant attack and the username/password combination is often the weak link. While we still don't know exactly how AOL was breached, the simple fact is that it happened, and now users need to react immediately.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel