US authorities have charged three men in connection with a series of hacks into email service providers that saw customers of some of the country's biggest banks spammed with messages linking to sites selling dodgy software.
In what the Justice Department calls one of the largest reported data breaches in US history, Vietnamese citizen Viet Quoc Nguyen is accused of hacking into at least eight email service providers (ESPs) throughout the US between 2009 and 2012, stealing one billion email addresses.
Although authorities have not named any of the ESPs, one is understood to be US cloud marketing and communications outfit Epsilon, which confirmed that it was hit by hackers in 2011.
Among the Epsilon clients to have had their customer data compromised, were a host of finacial services firms, including TD Ameritrade, US Bank, Citibank, JPMorgan Chase and Capital One.
Nguyen, along with Giang Hoang Vu, is alleged to have used the information to spam tens of millions of people with emails containing links to sites selling suspect software.
Meanwhile, a third man, Canadian David-Manuel Santos Da Silva, is accused of entering into an "affiliate marketing" arrangement with Nguyen, helping him to get commission on sales generated from people directed to sites selling the software. Nguyen and Da Silva bagged around $2 million from the scheme.
Nguyen is still at large but Vu was extradited to the US from the Netherlands last March and has pleaded guilty to conspiracy to commit computer fraud. Da Silva was arrested last month at a US airport.