
Spammers 'leak database of 1.4 billion users'

The data hoard was discovered after an alleged faulty backup


One of the world's largest spam email operations has reportedly had its entire repository of 1.37 billion user records leaked publicly online, because the spammers failed to password-protect the database.

In what is being described as a "tangible threat to online privacy and security", the massive data hoard apparently includes email addresses, real names, IP addresses, and in some cases home addresses and post codes.

The discovery was made when Chris Vickery, security researcher at MacKeeper Security Research Centre, stumbled upon the publicly exposed database, which lacked password protection. Since then, a research cooperative made up of investigators from MacKeeper, CSOOnline and Spamhaus has been trawling through the leaked files, and believes that a group known as River City Media was behind them.

"The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM)," said Chris Vickery, in a blog post describing the operation. "Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends."

RCM calls itself an email marketing firm but resides in the top 10 list on the Register of Known Spam Operations (ROKSO).

"Well-informed individuals did not choose to sign up for bulk advertisements over a billion times," added Vickery. "The most likely scenario is a combination of techniques. One is called co-registration - that's when you click on the 'Submit' or 'I agree' box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site."

How can two individuals be responsible for up to a billion email sends in a single day? The answer, Vickery explains, is extensive automation and illegal hacking techniques.

Part of a conversation discovered by the research team - courtesy of Chris Vickery

In one screenshot highlighted by Vickery, the spammers appear to admit to using a technique which attempts to open as many connections as possible between themselves and targeted Gmail servers. Normally Gmail would shut down these connections as it becomes overloaded but, according to Vickery, the connections are made extremely slowly and fragmented in a way that bypasses this check.

The research group has yet to fully verify the data set as legitimate, but Vickery has cross-checked a small sample of addresses and found them to be genuine.

The researchers have forwarded details of the abusive scripts and techniques to Microsoft and Apple, as well as unnamed law enforcement agencies.

According to CSOOnline, the leak was the result of a faulty backup - Vickery said: "Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

"The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected."
