AOL released a statement Monday that said the breach "involved unauthorized access to AOL's network and systems," giving the hackers access to mail addresses, postal addresses, address book contact information, encrypted passwords, and encrypted answers.
The company said roughly 2 percent of its users were affected, and that it wasn't sure if its password encryption was broken or whether the company lost any financial data, including debit and credit cards. But as a precautionary measure users were asked to change their passwords immediately.
"We nevertheless strongly encourage our users and employees to reset their passwords used for any AOL service and, when doing so, also to change their security question and answer," AOL said.
"We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2 percent of our email accounts," the statement read.
The attack was detected after a flurry of complaints regarding spoof and spam emails coming form AOL users. According to AOL, "spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it."
AOL said its working with law enforcement to investigate the breach and has also contacted the SEC as protocol. The company has yet to detect the exact time and nature of the attack.