Musings – Abhay S. Kushwaha

A story on CNN/Money reports that AOL worker, Jason Smathers has been arrested for stealing AOL’s subscriber list and selling it to a spammer (Dunaway) who used it to promote his own Internet gambling business. Then, Dunaway sold the list to other spammers for $52,000.

With all the ruckus going on about SPAM and privacy, I am amazed that 92 million screen-names were downloaded onto a transferable media and taken out of AOL’s facilities (physical/virtual) without any alarm bells ringing. I figure it was much later that the theft was actually discovered. The amount of data that 92 million screen-names represents is phenomenal. AOL maintains that no credit card numbers were taken by Smathers but admit that he did include the credit card type besides phone numbers and ZIP codes. If I was a subscriber of AOL (and I’m not), I would be very very worried.

This incident also exposes the hollowness of claims made in their Privacy Policies by companies. If a tech company like AOL whose credibility depends on the security of their user data cannot keep it safe from being exposed to/accessed by unauthorised or unscreened employees, I shudder to think what the other Privacy Policies are doing out there other than giving people lip service.