Huge database leak reveals 1.37 billion email addresses and exposes illegal spam operation
A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security."
Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected."
The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation. Business plans, HipChat logs, accounts and much more.
As with any big leak, there is the question of whether it is genuine. Vickery has shared his finding with numerous security sites as well as law enforcement agencies, and says:
That was my initial reaction. I'm still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate. The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location.
In conjunction with security experts Salted Hash and spam experts Spamhaus, Vickery found that RCM had used illegal IP hijacking techniques during some of its spam campaigns. He says that since making this discovery, he has contacted the companies affected by the leak:
Once we concluded that this was indeed related to a criminal operation, it was decided that we should approach law enforcement and the affected companies (like Microsoft and Yahoo) before making any attempts at contacting the spammers directly. The leaking servers went dark during the process of notifying law enforcement and the major companies. So, I did not directly contact the spammers themselves.
It remains to be seen quite what impact this will have on River City Media's operations, and whether there will be an immediate reduction in the amount of spam flying to inboxes around the world.
You can read more about Vickery's finding over on MacKeeper.