AOL Employee Arrested in Spam Scheme

LostCluster writes "The AP, Reuters, and AOL's own CNN/Money are all reporting that AOL employee Jason Smathers has been arrested and accused of taking a list of 92 million screennames from the internal AOL system, and selling it to another man, who allegedly used it 'to promote his own Internet gambling business and also sold the list to other spammers for $52,000'. Not surprisingly, Smathers has been fired."

Re:Fired?

[Kiryat+Malachi]

Only in criminal court. Unless the guy had an employment contract that stated otherwise, he was employed "at the pleasure of the employer" - i.e. he can be fired for just about anything, barring discriminatory or retaliatory firings.

And I don't think anyone can argue that there's cause here.

Re:Arrested and accused... how about convicted

[Kiryat+Malachi]

Hi.

I'm the government. I can't do anything prison-like or fine-like to you without convicting you first.

Hi.

I'm your employer. Unless you have a contract stating otherwise, odds are you're an at-will employee, which means *I can fire you for just about any reason I want*.

Re:Access?

[homer_ca]

The article says he's a software engineer at AOL with inside knowledge of their computer systems. It doesn't say that he was directly responsible for the customer database systems, but even if not, it can't be that hard to dump the names out. Any sysadmin is in a position of great trust. They could walk off with all your data on their servers, but they're trusted not to.

Re:Access?

[YU+Nicks+NE+Way]

When I was a young man, a bank in New York hired an ourside consultant to find out how to protect their data against their programmers. The response was one of the shortest lists of recommendations ever:

• Pay them well

• Keep them very happy

• Watch them very very closely

Re:AOL's New Slogan

[homer_ca]

That's easy to block if you run your own mail server. All AOL dialups have hostnames ending with ipt.aol.com. AOL's mail servers have hostnames ending with mx.aol.com. Deny hosts from ipt.aol.com and problem solved.

Re:That's a lot of names...

[bigman2003]

Especially for a list of confirmed gullible people.

The chances of an AOL user falling for a spam-scam are probably good. They already fell for one scam, so they've proven themselves to be targets already.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:AOL's New Slogan

[JPriest]

Why would they? Once the aliases are sold and resold, what can AOL really do to recover them?

Mr. Spammers, please delete all @aol.com email addresses in you list, yeah right!

My girlfriend recently recovered an account that has not been active in 3 1/2 years, it still gets flooded with spam despite 3 1/2 years of not existing.

I doubt AOL users will be much better off unless they want to create a new alias.

$25,000?

[ackthpt]

Read the article lately?

Former AOL employee Smathers sold the initial list for an unmentioned amount to Dunaway (the spammer) then Smathers sold an updated list to Dunaway for $100,000. Dunaway sold lists to other spammers for $52,000.

Smathers & Dunaway to AOL members: "All your screenname are belong to us!"

I expect something like this happened at eBay a while back. I changed my email address for eBay to a new mailbox. A few weeks later someone spammed it offering to sell lists of eBay members. Then spam followed, usually from phishers.