In June 2004, an AOL employee was arrested for stealing the company's entire subscribers list and selling it to spammers (http://money.cnn.com/ 2004/06/23/technology/aol_spam/). That list contained over 30 million users' email addresses and 90 million screen names. A 21-year-old was arrested for having access to T-Mobile's 16 million subscriber database (http://news. com.com/T-Mobile+Hacker+had+limited+access/2100-7349_3-5534323.html), and shortly after his conviction, celebrity Paris Hilton's Sidekick data was posted publicly on the Internet by an unknown hacking group (www.drudgereport.com/flash3ph.htm).
The real concern is that the access people like these have could be potentially worse than targeting celebrity information; we know that one person had access to the database, but how many others might have access? This would include 16 million high-quality email addresses, not to mention a lot of private information regarding customers.
It has been observed that even some banks have had insiders who might have had access to not only internal banking procedures but also personal customer financial information. This type of information is worth a lot of money to the right people, since elements of the information could be sold to different types of buyers. Coupled with the already overwhelming existence of phishing attacks, the last thing a bank needs is to have a "mole" on the inside assisting phishers for profit.
10 tips in 10 minutes: Phishing exposed
Tip 1: Email basics for Exchange admins
Tip 2: Understanding email delivery
Tip 3: Anonymous phishing email
Tip 4: How phishers forge email headers
Tip 5: Phishers use of open relays and proxy servers
Tip 6: How phishers send anonymous email
Tip 7: Phishers techniques for email harvesting
Tip 8: Phishers, hackers and insiders
Tip 9: Sending spam; phishing tools of the trade
Tip 10: Phishing email and spam filters