An AOL software engineer has been charged with stealing the
ISP's entire customer list and selling it to spammers.

Jason Smathers, 24, was arrested at his home in West Virginia,
close to AOL's headquarters. A complaint filed in federal court by
prosecutors charges Smathers and Sean Dunaway, 21, who is said to
have bought the list of email addresses, with conspiring "to send
massive amounts of unsolicited commercial emails - also known as
spam - to millions of AOL's customers."

The indictment alleges that Smathers used his knowledge as a
member of AOL's staff to steal AOL's database of customer account
screen names in May 2003. Dunaway is said to have bought the list,
and used it to promote his own internet gambling website, allegedly
generating up to $20,000 a day. Dunaway is also said to have sold
the valuable list of email addresses to others, including to
spammers promoting herbal penile enlargement pills, for
$52,000.

Dunaway is said to have paid Smathers another $100,000 for an
updated list of AOL users, which was again sold on to third
parties.

AOL has approximately 30 million users, but many of them have
multiple email accounts or screen names, meaning that a total of 92
million email addresses are said to have been passed on to
spammers.

"Spamming is big business, and there are fortunes to be made -
not just in selling goods promoted via spam, but also in selling
valuable email addresses to those planning to send millions of
nuisance emails," said Graham Cluley, senior technology consultant
for Sophos. "Companies who have contact details for a large number
of customers need to protect that information both from external
hackers and employees with malicious intent."

Following an internal investigation, AOL determined that one of
its own employees was involved in the theft of customer data.

Smathers was fired by AOL last week. If convicted, he and
Dunaway face up to five years in prison and fines of $250,000.

Sophos recommends companies protect themselves with a consolidated solution which can defend
businesses from the threats of both spam and viruses.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.