A security breach, an acquisition---it's just another rockin' week at AOL.
As if the news Wednesday of the theft of 92 million screen names wasn't enough, the very next day came word of AOL's
acquisition of Advertising.com. Nothing like a big, fat juicy deal to make business writers and analysts everywhere turn their attention from the criminal, to the standard dissection of economic and
business implications of an acquisition.
Although the Advertising.com deal is fascinating, and some pundits wonder whether AOL paid too much and how the company will fully leverage the online ad
network's power, the massive screen name theft leaves us wondering how a company so committed to anti-spam measures could be so vulnerable. AOL has been vocal on spam, supporting nearly every industry
initiative to control spam. AOL has packed its service with a host of security and anti-spam features.
But it couldn't battle an attack by one of its own employees.
According to press
accounts of the crime caper, Jason Smathers, the AOL engineer who masterminded the theft, used a company laptop PC to install codes that facilitated the download of account information from a
supposedly secure database. Smathers used AOL instant messaging to communicate with Sean Dunaway, the guy he sold the screen names to. The pair allegedly planned the theft of company account data in
early 2003.
Authorities were tipped off about the theft this spring, as an alleged co-conspirator, not yet charged, provided CD-ROMS with the stolen data. AOL examined Smathers' laptop last month
and found incriminating emails in a permanent file, and of course, there is more.
If this can happen at AOL, what about at Microsoft, Yahoo!, EarthLink and even beyond the world of Internet
Service Providers? It's a high-tech security issue that affects the credibility of companies that hold consumer data. Who knows whether AOL customers received spam messages specifically as a result of
this theft, but the more important issue is the fact that it took place at all. Security and storage technology, anti-spam measures and legislation--all will be looked at in a different light from now
on.