WEB OUTFIT America On Line (AOL) is still poring over its recent email security issue and trying to work out how so many "spoofed mails" have been coming out of its mailboxes.
The firm first reacted to the spam attack earlier this month when it came out with a statement on the bug and its plan of action. It made one move then, altering its DMARC policy to help prevent email account hijacking, spoofing and mass mailings.
Since then it has continued to look into the problem and what it called "serious criminal activity" affecting a "significant" number of users.
"AOL's investigation is still underway, however, we have determined that there was unauthorised access to information regarding a significant number of user accounts," it said in a blog post.
"This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information".
The firm said that roughly two percent of AOL email accounts appear to be sending spoofed emails, but added that there is no suggestion that financial information has been plundered. Despite this, users are advised to clean up their passwords.
"Although there is no indication that the encryption on the passwords or answers to security questions was broken, as a precautionary measure, we nevertheless strongly encourage our users and employees to reset their passwords used for any AOL service and, when doing so, also to change their security question and answer," it added.
"Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts. AOL is notifying potentially affected users and is committed to ensuring the protection of its users, employees and partners and addressing the situation as quickly and forcefully as we can." µ