AOL has released more details about a major hack of AOL Mail this month, in which users' accounts were compromised to send out spam messages.
The company is still investigating the breach, but AOL confirmed in a company blog post Monday that "there was unauthorized access to information regarding a significant number of user accounts."
Thankfully, no financial details appear to be affected. But hackers did access a trove of personal data including AOL users' email addresses, mailing addresses, contacts, encrypted passwords, encrypted answers to security questions used for resetting passwords, and some employee information.
Spammers used that information to send "spoofed" emails -- messages that appear to be from a valid address or trusted contact, but are not actually from those contacts -- from about 2 percent all AOL Mail accounts, the company said.
AOL is notifying users who may have been affected, the company said Monday, and it is working with law enforcement "to investigate this serious criminal activity."
Customer complaints about the spoofing began popping up early last week, including on Twitter with the hashtag #aolhacked.
AOL posted a warning on April 22 about the attack, and stated that it would change its policy "to help mail providers reject email messages that are sent using forged AOL Mail addresses."
AOL's official support Twitter account has spent the week tweeting apologies and statements to disgruntled customers, but even some longtime AOL diehards couldn't be mollified.
Others used the incident to take potshots at AOL as the email of choice for the non-techy set.
AOL wasn't the only big tech company to face a security breach this week. Microsoft is scrambling to fix a newly found bug in Internet Explorer, which leaves all versions of the browser open to potential attacks.