• by June 25, 2004

A security breach, an acquisition---it's just another rockin' week at AOL.

As if the news Wednesday of the theft of 92 million screen names wasn't enough, the very next day came word of AOL's acquisition of Advertising.com. Nothing like a big, fat juicy deal to make business writers and analysts everywhere turn their attention from the criminal, to the standard dissection of economic and business implications of an acquisition.

Although the Advertising.com deal is fascinating, and some pundits wonder whether AOL paid too much and how the company will fully leverage the online ad network's power, the massive screen name theft leaves us wondering how a company so committed to anti-spam measures could be so vulnerable. AOL has been vocal on spam, supporting nearly every industry initiative to control spam. AOL has packed its service with a host of security and anti-spam features.

But it couldn't battle an attack by one of its own employees.

According to press accounts of the crime caper, Jason Smathers, the AOL engineer who masterminded the theft, used a company laptop PC to install codes that facilitated the download of account information from a supposedly secure database. Smathers used AOL instant messaging to communicate with Sean Dunaway, the guy he sold the screen names to. The pair allegedly planned the theft of company account data in early 2003.

Authorities were tipped off about the theft this spring, as an alleged co-conspirator, not yet charged, provided CD-ROMS with the stolen data. AOL examined Smathers' laptop last month and found incriminating emails in a permanent file, and of course, there is more.

If this can happen at AOL, what about at Microsoft, Yahoo!, EarthLink and even beyond the world of Internet Service Providers? It's a high-tech security issue that affects the credibility of companies that hold consumer data. Who knows whether AOL customers received spam messages specifically as a result of this theft, but the more important issue is the fact that it took place at all. Security and storage technology, anti-spam measures and legislation--all will be looked at in a different light from now on.