America Online a US major Internet provider and part of Time Warner, became the victim of someone who stole the screen names and user info for almost 30 million AOL users. The thieves of the data were taken into federal custody after an investigation of the crime pointed to Jason Smathers an AOL software engineer and Sean Dunaway, an online gaming operator, who purchased the data from Smathers. Smathers used a stolen ID code to steal the screen names and user info for the AOL users. Dunaway bought the info from Smathers so he could promote his gaming operation and then resold the data to another person, who used it to push sexual products.
Internetnews.com reported that 92 million AOL screen names were stolen. According to AOL, each AOL subscriber can have seven names as part of the subscription. Igamingnews.com reported that Dunaway paid $52,000 for an initial list and a total of $100,000 for an updated list of 18 million names. Dunaway resold the lists for $84,500.
Smathers, 24 and Dunaway, 21 could do five years in prison and a fine of $250,000, which is twice the gross gain from the theft. The charges are the first under a newly passed federal Can-Spam bill which was designed to reduce junk e-mail. Reportedly almost 75 percent of all e-mails are spam.
Smathers did not have the authority to access or copy the list that he stole. It is believed that he accessed the info with a code he obtained from another employee. Fortunately for the customer victims of this theft, their credit card numbers and pass words were not stored in the same data base that was stolen. The data that was illegally obtained contained user names, zip codes and telephone numbers. AOL stated that it was committed to protecting customer data and will do its best to reduce the illegal spamming. AOL did not explain how Smathers collected the screen names.
AOL chief executive Jonathan Miller was quoted by Story.news.yahoo saying the damage would have been far worse if the credit card information had been an element of the stolen data. Miller added that the company regretted what had taken place and was doing an in depth review of internal procedures with the idea of strengthening their operation. This is a short term fallout which is resulting from this crime investigation and the subsequent arrests.
Smathers has been fired from AOL and the company is committed to a full prosecution of this company software engineer. The investigation of this data crime involved the US Secret Service, New York Electronic Crimes Task Force, Washington DC Electronic Crimes Task Force and the Las Vegas Electronic Crimes Task Force. All of these agencies collaborated in this investigation stated David Kelly, the US Attorney for the Southern District of New York.
AOL officials are claiming that this theft did not cause a huge number of subscribers to leave.
AOL also stated that many of the users are not going to change their e-mail names.
Customers stated that they were not making a change as they do not want the hassle of telling all of their contacts about the change. In a statement about spam, AOL said that they block up to 2.5 billion spam e-mails daily and their users are receiving fewer in their inbox. They also made it clear that they did not know if any of the spam messages were from spammers that had made a purchase from Smathers.
As anyone that reads this story can see, e-mail info and personal data should be protected at all times by the user and by the anyone they use to service this information. Even the best of security can be attacked and broken into.