jun 1, 2004 - AOL 92million users info leak (insider)
An AOL software engineer has been charged with stealing the ISP's entire customer list and selling it to spammers.
Jason Smathers, 24, was arrested at his home in West Virginia, close to AOL's headquarters. A complaint filed in federal court by prosecutors charges Smathers and Sean Dunaway, 21, who is said to have bought the list of email addresses, with conspiring "to send massive amounts of unsolicited commercial emails - also known as spam - to millions of AOL's customers."
The indictment alleges that Smathers used his knowledge as a member of AOL's staff to steal AOL's database of customer account screen names in May 2003. Dunaway is said to have bought the list, and used it to promote his own internet gambling website, allegedly generating up to $20,000 a day. Dunaway is also said to have sold the valuable list of email addresses to others, including to spammers promoting herbal penile enlargement pills, for $52,000.
Dunaway is said to have paid Smathers another $100,000 for an updated list of AOL users, which was again sold on to third parties.
AOL has approximately 30 million users, but many of them have multiple email accounts or screen names, meaning that a total of 92 million email addresses are said to have been passed on to spammers.
"Spamming is big business, and there are fortunes to be made - not just in selling goods promoted via spam, but also in selling valuable email addresses to those planning to send millions of nuisance emails," said Graham Cluley, senior technology consultant for Sophos. "Companies who have contact details for a large number of customers need to protect that information both from external hackers and employees with malicious intent."
Following an internal investigation AOL determined that one of their own employees was involved in the theft of customer data.
Smathers was fired by AOL last week. If convicted, he and Dunaway face up to five years in prison and fines of $250,000.
Added to timeline: