Cyber Monday: AOL Urges Change Of Passwords, Feds Say Don’t Use Explorer

AOL was hacked today.

AOL Inc on Monday urged its tens of millions of email account holders to change their passwords and security questions after a cyber attack compromised about 2 percent of its accounts. The company said it was working with federal authorities to investigate the attack, in which hackers obtained email addresses, postal addresses, encrypted passwords and answers to security questions used to reset passwords. It said there was no indication that the encryption on that data had been broken. A company spokesman declined to say how many email accounts are registered on its system.

From AOL’s blog:

AOL’s investigation began immediately following a significant increase in the amount of spam appearing as “spoofed emails” from AOL Mail addresses. Spoofing is a tactic used by spammers to make it appear that the message is from an email user known to the recipient in order to trick the recipient into opening it. These emails do not originate from the sender’s email or email service provider – the addresses are just edited to make them appear that way. AOL’s investigation is still underway, however, we have determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information.

RELATED: The federal government today urged Americans to suspend usage of Internet Explorer.

The U.S. and UK governments on Monday advised computer users to consider using alternatives to Microsoft Corp’s Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks. The Internet Explorer bug, disclosed over the weekend, is the first high-profile computer threat to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year-old operating system will remain unprotected, even after Microsoft releases updates to defend against it.The Department of Homeland Security’s U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to “the complete compromise” of an affected system.