Today, the Department of Justice announced charges against three defendants over the theft of more than 1 billion email addresses between 2009 and 2012. According to the indictment, Vietnamese citizen Viet Quoc Nguyen broke into eight different email providers, harvesting more than a billion names and emails. An additional accomplice helped him use tens of millions of those emails for spam marketing, while a second accomplice assisted in laundering the proceeds. Nguyen is currently a fugitive, facing computer crime charges. "This case demonstrates there is no such thing as anonymity for those engaging in data theft and fraudulent schemes," said Secret Service Agent Reginald Moore.
The case seems to be related to a 2011 breach at Epsilon Marketing, an email marketing service that stored nearly a quarter of a billion emails at the time. None of the other providers were named, but it seems likely that they were also marketing services rather than consumer-facing webmail services like Gmail or Yahoo Mail. The bulk of the data in the Epsilon breach was taken from corporate mailing lists, including Best Buy, Citibank, and Walgreens, making it a low-value, but unusually far-reaching breach.