A massive dump of 1.4 billion email addresses spilled online, leaked from a spam operation that used bad backups and exposed its repository.
When databases are breached and passwords are dumped online it's typically the result of a hack, but not in this case. The latest discovery of 1.4 billion usernames, emails and other personal information that made its way online was seemingly the result of a poorly guarded spam operation, according to a security researcher.
A U.S.-based spam-wielding operation called River City Media, based in Jackson, Wyoming, has amassed an extensive database of roughly 1.4 billion records so it could flood those email addresses with special offers, various marketing stuff and other such.
Spammergate Spills 1.4 Billion Email Accounts And Details
MacKeeper security researcher Chris Vickery drew attention to "Spammergate" on Monday, March 6, revealing that he found roughly 1.4 billion email accounts collected by RCM. The accounts in question were directly linked to other personal user info such as IP address, real name and physical address.
"A cooperative team of investigators from the MacKeeper Security Research Center, CSOOnline, and Spamhaus came together in January after I stumbled upon a suspicious, yet publicly exposed, collection of files," Vickery explains. "Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling."
The data was basically kept as a backup, but stored in an rsync-accessible system with meager security. Internal files and chat logs in the repository reportedly show RCM employees discussing schemes to overload mail servers and get them to accept a flood of messages.
RCM presumably collects its data from users who apply for free gifts and online accounts, request credit checks, participate in various prize giveaways and other such online activities. Alternately, RCM could also buy the data from similar data-collection companies.
Free Data
According to Vickery, at least a few records were confirmed to be real, albeit the physical addresses were often out of date. Nevertheless, Vickery says that the repository contains a slew of combinations of real names, IP addresses and military email addresses.
Since the leaked data was accessible to anyone because the remote backup attempt failed, basically anyone could access the company's emails and chat logs, as well as the comprehensive email list.
Despite being featured on the Register of Known Spam Operations, RCM still managed to participate in various marketing campaigns including from high-profile companies such as Covergirl, Nike, Gillette, AT&T and Victoria's Secret. RCM likely managed to infiltrate these campaigns through third-party deals rather than with the companies themselves.
Cue Spamhaus
RCM has not offered any comment on Vickery's discovery. However, anti-spam organization Spamhaus has already moved to action and has blacklisted the entire infrastructure of RCM.
"For their part, Spamhaus will be taking action on all of the IP addresses and other elements connected to abuse stemming from this incident," says CSOOnline. "The problem is, organizations like River City Media use numerous aliases and affiliate programs, so while blocking their infrastructure will hurt, there is no assurance it will put them out of business for good."