AOL's Recent Security Breach

Hackers attacked AOL’s servers and jeopardized about 2% of AOL user accounts, obtaining email addresses, encrypted passwords, and answers to security questions.
Written by Staff Writer • Posted on May 05, 2014


Last week, email giant AOL announced that it is working with federal investigators to find out all they can about a recent security breach. Hackers attacked AOL’s servers and were able to compromise about 2% of AOL user accounts, obtaining email addresses, postal information, encrypted passwords, and answers to security questions. On a positive note, there is no sign so far that the encryption on the stolen information has been broken or compromised.


AOL discovered the hack after a number of users complained about a flood of spam emails. The strange thing about the spam emails is that they were “spoof emails” or emails that look like they are coming from an AOL address but aren’t really. The spoof emails were received by people who are contacts of AOL customers. The difficulty with spoof messages is that people receiving them don’t always look as closely as they should because they believe the email is coming from a legitimate source.

Although not all accounts were affected by the attack, AOL is encouraging the majority of its account holders to change their passwords and protect their personal data. If you are an AOL customer, please heed their advice and change the password on your email account. Remember, the vast majority of AOL accounts (98%) were not affected, but it’s always a good idea to be on the safe side.

It may seem like a bit of a broken record for us to say this again, but it’s a good idea generally to update your account passwords on a regular basis. Even if you are not an AOL user, you should take this security breach as an example of what could happen, and think how you could protect yourself in a similar situation. When it comes to passwords, here are some things to keep in mind:

- Don’t use the same password for all of your accounts. If you have an email account, an online banking account, and like shopping on, all three of those accounts should have very different and unique passwords. If you use the same password for all of your accounts, a hacker who compromises just one of them will easily have access to all of them.

- Use a combination of letters and numbers in your passwords. Using recognizable words—like sports teams, personal names, or places—can sometimes make passwords easier to crack. If you want to use a name or a word you know well—e.g., the name Catherine—you can break it up with a number, like this: Cathe167rine?. Use capital letters and punctuation to make your passwords even more difficult to hack.

- Update your passwords on a regular basis. Mark a date on your calendar when you will change your passwords. If it helps, set the deadline near another event. Time to rotate your tires, or change your oil? Maybe it’s time to update your email password. Changing your passwords at least twice a year, or perhaps even quarterly, would be great. If you are a Bask Gold or Platinum member, you can plan to change your password when you receive your TuneUp every three months.

Remember: if your password is tricky to remember, it will be tricky for a hacker to crack, and that is a good thing!