Spammers 'leak database of 1.4 billion users'

The data hoard was discovered after an alleged faulty backup

One of the world's largest spam email operations has reportedly had its entire repository of 1.37 billion user records leaked publicly online, due to the spammers failing to password protect the database.

In what is being described as a "tangible threat to online privacy and security", the massive data hoard apparently includes email addresses, real names, IP addresses, and in some cases home addresses and post codes.

The discovery was made when Chris Vickery, security researcher at MacKeeper Security Research Centre, stumbled upon the publicly exposed database that was lacking password protection. Since then, a research cooperative made up of investigators from MacKeeper, CSOOnline and Spamhaus has been trawling through the leaked files, and believe that a group known as River City Media were behind the leaked files.

"The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM)," said Chris Vickery, in a blog post describing the operation. "Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends."

RCM calls itself an email marketing firm but resides in the top 10 list on the Register of Known Spam Operations (ROKSO).

"Well-informed individuals did not choose to sign up for bulk advertisements over a billion times," added Vickery. "The most likely scenario is a combination of techniques. One is called co-registration - that's when you click on the 'Submit' or 'I agree' box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site."

How can two individuals be responsible for up to a billion email sends in a single day? The answer, Vickery explains, is extensive automation and illegal hacking techniques.

Part of a conversation discovered by the research team - courtesy of Chris Vickery

In one screenshot highlighted by Vickery, the spammers appear to admit to using a technique which attempts to open as many connections as possible between themselves and targeted Gmail servers. Normally Gmail would shutdown these connections as it becomes overloaded but, according to Vickery, connections are made extremely slowly and fragmented in a way that bypasses this check.

The research group has yet to fully verify the data set as legitimate, but Vickery has cross checked a small sample of addresses and found them to be genuine.

The researchers have forwarded details of the abusive scripts and techniques to Microsoft and Apple, as well as unnamed law enforcement agencies.

According to CSOOnline, the leak was the result of a faulty backup - Vickery said: "Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

"The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected."

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021
Misconfigured cloud services exposed 100 million Android users' data
data breaches

Misconfigured cloud services exposed 100 million Android users' data

21 May 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021