AOL is asking its users to change their passwords and security questions after discovering that a mass hack of its network and systems potentially compromised "a significant number" of user accounts, ZDNet reported.
The New York-based tech giant has launched an investigation into a "security incident" that involved unauthorized access to customer and employee data such as email addresses, passwords, contact lists, postal addresses and answers to security questions, CNN reported.
"We are working closely with federal authorities to pursue this investigation to its resolution," AOL said in a blog post. "Our security team has put enhanced protective measures in place and we urge our users to take proactive steps to help ensure the security of their accounts."
The investigation began immediately following a significant increase in the amount of spam appearing as "spoofed emails" from AOL Mail addresses. Spoofing is a tactic used by spammers to "make it appear that the message is from an email user known to the recipient in order to trick the recipient into opening it," AOL officials said.
The emails do not originate from sender's email or email service provider - the addresses are edited to make them appear that way.
AOL officials estimate that only 2 percent of their email accounts are being spoofed so far. According to CNN, the massive hack likely affected untold millions. So far, the Internet service provider has only been able to redirect these spoofed emails into people's junk mail folders.
The company said it has no information indicating that this incident resulted in disclosure of users' financial information, including debit and credit cards.
"The ongoing investigation of this serious criminal activity is our top priority," AOL said.
In addition to encouraging users to change their passwords and security questions, the company is also contacting users that may have been affected.