24 June 2004 An employee of America Online (AOL), the world’s largest Internet service provider, has been arrested and charged with stealing all 92 million e-mail addresses of AOL customers and selling them on to spammers for an alleged $52,000.
The engineer, Jason Smathers, 24, apparently used the identity of another AOL employee to gain access to the company’s list of customer email addresses on a supposedly highly secure database. He also took their telephone numbers, postal codes and the type of credit card they use. Fortunately, credit card numbers are kept on a separate database.
He sold the information to the owner of an Internet gambling site, Sean Dunaway, 21, who wanted to spam the addresses to promote his site. Smathers is also said to have sold the list to others although no details have been disclosed.
The two men are the first to be prosecuted under the new US ‘CAN-SPAM’ law. It requires a business relationship to exist between the sender and recipient of a commercial email and in this way, aims to make certain types of spam illegal. It also mandates working unsubscribe links in any email.
Under the law, each defendant faces a maximum sentence of five years in prison and a fine of $250,000.
Smathers was caught out when AOL was pursuing a lawsuit against a group of spammers in early 2004. During an interview, it emerged that someone had bought addresses from an AOL employee in order to send spam promoting penis enlargement pills.