A hacker has broken into the AOL email accounts of hundreds of millions of people around the world, a breach that could potentially expose the personal details of those who use the email service, according to security experts.
Hackers have previously targeted other popular websites including Wikipedia, Twitter, YouTube and Yahoo, but this breach is the first to target AOL, which is known for being among the most popular email providers in the world.
The hacker, who goes by the alias “KotakuInAction,” said that he used the hacker account to “post a message on Twitter that read ‘The password is Kotaku in Action’.” KotakuInaction was able to access the account using an email address used by a member of a “team of hackers” that hacked into AOL’s systems in 2015, according a report published by cybersecurity firm FireEye on Friday.
The account was then used by the hacker to upload an archive of leaked documents on the website.
According to FireEye, the hackers who broke into AOL in 2015 were able to gain access to a “large number of accounts” because AOL’s “authentication process is quite complex.”
“They are able to use the same kind of information they were able do in 2015,” FireEye CEO and founder David Sirota said in a statement.
“The data on those accounts was not stolen, and they were not compromised.”
The hacker has also posted photos of the stolen documents on his Twitter account.
The hack has caused damage to AOL’s reputation in the digital world, which has suffered from a wave of online attacks by hackers targeting celebrities, government officials and corporations.
Earlier this year, Google shut down the website of the news website Axios after it published a series of stories about a hacker who used Google accounts to post messages to Axios employees.
Axios CEO and editor in chief Mike Isaac said he was shocked to learn that the hackers had accessed the company’s Gmail accounts.
“This attack is unprecedented in terms of the scale of its impact,” Isaac said.
“It has affected not only Axios, but also the thousands of other news organizations, government organizations and others who have shared the news on our platform.”
He added that Axios has not received any threat or report of malicious activity related to the attack.
FireEye said the breach is likely connected to the same hacker group that has breached the websites of The New York Times, The Wall Street Journal and NBC News.
It is not clear how the hackers accessed the accounts or what the passwords for those accounts were.
AOL did not immediately respond to a request for comment.
In an email to The Associated Press, AOL said it is “committed to safeguarding the personal data of our customers and users, and we are actively working with our customers to address this situation.”
“The breach is extremely concerning, and it is not our intent to mislead or defame any company, user or company member,” the email said.
AOL’s announcement comes just days after the company said it was working with law enforcement authorities to investigate an incident that affected more than 300 million accounts and led to the shutdown of thousands of websites and websites associated with The New Yorker, The Washington Post, The New Republic and The Guardian.
The New American Foundation, a nonprofit watchdog group, called the breach “a devastating blow” to the company.
“An AOL breach like this is just the tip of the iceberg,” the foundation said in an advisory on Thursday.
“AOL has the capacity to prevent this kind of attack on its systems and could have easily mitigated the breach in the time it took to shut down all its accounts.”
AOL declined to comment.
The company’s CEO, Tim Armstrong, said that the company was “deeply concerned” by the breach and is working with government agencies to investigate the incident.
AOL was not the only major US company to lose users’ email accounts in the last few weeks.
On Monday, PayPal said it had suspended accounts of more than 500,000 people.
The social media platform said it has also suspended the accounts of dozens of people who use PayPal.
AOL declined comment.
Al Jazeera and wire services