Those who use AOL's mail service may have had their e-mail address, postal addresses and address book information compromised. Hackers also obtained encrypted versions of users' passwords and security questions. The firm said it has "no indication" that the encryption was broken.
In an official blog post, AOL also said that it does not believe that any financial information -- such as debit and credit card numbers, which are also encrypted -- was taken as part of the attack.
The company did not say how many users were affected by the breach, which it is still investigating. AOL said it discovered the intrusion when it noticed an increase in spam sent from it servers that appeared to come from legitimate users.
"These emails do not originate from the sender's email or email service provider - the addresses are just edited to make them appear that way," the company said.
The company said that it is notifying customers who may have been affected by the security incident. AOL also cautioned that users should be wary about suspicious e-mails and suggested that users change their passwords and security questions for any AOL services they use.