AOL Inc. said Monday that it is investigating an issue it is facing with breached security of some its user accounts. They said that there were instances of unauthorized access to these accounts, and information, including email addresses, passwords with encryption, postal addresses, security question answers, and information from address books of some AOL users that may have been accessed. There was nothing that led them to believe that the password encryption or the security question encryption had been broken, however. Additionally, there was also no indication that the users’ financial information had been stolen or breached during the instances of unauthorized access to their accounts.
Needless to say, AOL is not the only company looking into an issue of breached security with its user accounts. There have been several reports of security breaches from large online companies in the past few weeks, and AOL is the latest large one to report an incident. At the beginning of April, news of the Heartbleed online security bug was released, and many major and well-known online sites, including Tumblr, Reddit, Pinterest, SoundCloud, Wikimedia/Wikipedia, and Amazon were affected by this, causing users to worry about the state of their online information and their privacy, and also to have to change their passwords and any security questions. There was not much that could be done by users, however, until the state of everything was known, people knew what sites had actually been affected, and those sites had corrected the Heartbleed bug. Experts said that the best thing a person could do was just change his or her password often and not trust a website or app with his or her personal information unless the site or app specifically said it had corrected the bug. At this point, banks are not placing notifications on their sites to let users know that they are safe from the Heartbleed bug, and neither are a lot of websites.
AOL believes that they have traced their own security issue back to spoofed emails. They said that they noticed something suspicious that looked a lot like a security breach when suddenly there was a large boost in the amount of spam emails which were showing up as spoofed emails from AOL email addresses. Spoofed messages, AOL said, do not actually come from the user’s account, or even from the service provider itself. Instead, spoofed email messages are “trick messages,” made to look real, and like they come from real accounts. They are meant to trick the people who receive the messages into opening them because they look like they come from a legitimate source that they are familiar with. For example, the email could say that it is from a “family member” who is asking for money.
AOL said they are looking into this breached security issue closely and are working with federal authorities to solve this case. They stressed that they have put extra protection in place; however, they are also are encouraging their users to take protective measures, including immediately changing their passwords and security questions to ensure optimum safety with their user accounts. AOL will also be attempting to contact the users who have been affected by this security breach, the company said.
By Laura Clark