Spammers 'leak database of 1.4 billion users'

The data hoard was discovered after an alleged faulty backup

One of the world's largest spam email operations has reportedly had its entire repository of 1.37 billion user records leaked publicly online, due to the spammers failing to password protect the database.

In what is being described as a "tangible threat to online privacy and security", the massive data hoard apparently includes email addresses, real names, IP addresses, and in some cases home addresses and post codes.

The discovery was made when Chris Vickery, security researcher at MacKeeper Security Research Centre, stumbled upon the publicly exposed database that was lacking password protection. Since then, a research cooperative made up of investigators from MacKeeper, CSOOnline and Spamhaus has been trawling through the leaked files, and believe that a group known as River City Media were behind the leaked files.

"The leaky files, it turns out, represent the backbone operations of a group calling themselves River City Media (RCM)," said Chris Vickery, in a blog post describing the operation. "Led by known spammers Alvin Slocombe and Matt Ferris, RCM masquerades as a legitimate marketing firm while, per their own documentation, being responsible for up to a billion daily email sends."

RCM calls itself an email marketing firm but resides in the top 10 list on the Register of Known Spam Operations (ROKSO).

"Well-informed individuals did not choose to sign up for bulk advertisements over a billion times," added Vickery. "The most likely scenario is a combination of techniques. One is called co-registration - that's when you click on the 'Submit' or 'I agree' box next to all the small text on a website. Without knowing it, you have potentially agreed your personal details can be shared with affiliates of the site."

How can two individuals be responsible for up to a billion email sends in a single day? The answer, Vickery explains, is extensive automation and illegal hacking techniques.

Part of a conversation discovered by the research team - courtesy of Chris Vickery

In one screenshot highlighted by Vickery, the spammers appear to admit to using a technique which attempts to open as many connections as possible between themselves and targeted Gmail servers. Normally Gmail would shutdown these connections as it becomes overloaded but, according to Vickery, connections are made extremely slowly and fragmented in a way that bypasses this check.

The research group has yet to fully verify the data set as legitimate, but Vickery has cross checked a small sample of addresses and found them to be genuine.

The researchers have forwarded details of the abusive scripts and techniques to Microsoft and Apple, as well as unnamed law enforcement agencies.

According to CSOOnline, the leak was the result of a faulty backup - Vickery said: "Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.

"The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

How to protect against a DDoS attack
Security

How to protect against a DDoS attack

17 Sep 2020
Fitness Depot notifies customers of data breach
data breaches

Fitness Depot notifies customers of data breach

8 Jun 2020
Printing company exposes 343GB of sensitive military data
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020