Spammers 'leak database of 1.4 billion users'

The data hoard was discovered after an alleged faulty backup

One of the world's largest spam email operations has reportedly had its entire repository of 1.37 billion user records leaked publicly online, due to the spammers failing to password protect the database.

In what is being described as a "tangible threat to online privacy and security", the massive data hoard apparently includes email addresses, real names, IP addresses, and in some cases home addresses and post codes.

The discovery was made when Chris Vickery, security researcher at MacKeeper Security Research Centre, stumbled upon the publicly exposed database that was lacking password protection. Since then, a research cooperative made up of investigators from MacKeeper, CSOOnline and Spamhaus has been trawling through the leaked files, and believe that a group known as River City Media were behind the leaked files.

"The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM)," said Chris Vickery, in a blog post describing the operation. "Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends."

RCM calls itself an email marketing firm but resides in the top 10 list on the Register of Known Spam Operations (ROKSO).

"Well-informed individuals did not choose to sign up for bulk advertisements over a billion times," added Vickery. "The most likely scenario is a combination of techniques. One is called co-registration - that's when you click on the 'Submit' or 'I agree' box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site."

How can two individuals be responsible for up to a billion email sends in a single day? The answer, Vickery explains, is extensive automation and illegal hacking techniques.

Part of a conversation discovered by the research team - courtesy of Chris Vickery

In one screenshot highlighted by Vickery, the spammers appear to admit to using a technique which attempts to open as many connections as possible between themselves and targeted Gmail servers. Normally Gmail would shutdown these connections as it becomes overloaded but, according to Vickery, connections are made extremely slowly and fragmented in a way that bypasses this check.

The research group has yet to fully verify the data set as legitimate, but Vickery has cross checked a small sample of addresses and found them to be genuine.

The researchers have forwarded details of the abusive scripts and techniques to Microsoft and Apple, as well as unnamed law enforcement agencies.

According to CSOOnline, the leak was the result of a faulty backup - Vickery said: "Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

"The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected."

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

How to protect against a DDoS attack
Security

How to protect against a DDoS attack

14 Oct 2020
Fitness Depot notifies customers of data breach
data breaches

Fitness Depot notifies customers of data breach

8 Jun 2020
Printing company exposes 343GB of sensitive military data
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020