15 months jail for man who sold email addresses to spammers, Sophos reports

Sophos Press Release

A man who sold a stolen list of 92 million AOL email addresses to spammers has been sentenced to jail.

Former AOL employee Jason Smathers has been sentenced to 15 months in prison for stealing a database of 92 million email addresses of the ISP's customers and selling it to spammers.

Smathers - who was fired by AOL in June 2004 - used another employee's access code to steal the list of AOL customers from its headquarters in Dulles, Virginia. He then sold the list for $28,000 (£15,515). As a result of the 25-year-old's actions, approximately seven billion spam messages are said to have flooded the inboxes of innocent AOL users. The details of the AOL email accounts are still believed to be circulating in the spammer underground community.

"We welcome the authorities taking action in this case, and sending out a clear message to others who may be tempted to assist spammers. Those who help the spammers in their criminal activities are doing a disservice to everyone who uses the internet for legitimate reasons," said Graham Cluley, senior technology consultant for Sophos. "If you are co-operating and working with spammers then don't be surprised if the computer crime authorities take a dim view of your activities."

A lawyer for Smathers said that the theft of the list of email addresses had been a "dumb, stupid, insane act".

Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.