Spammers Exposed After Backup Error Reveals 1.4 Billion Email Addresses

One of the world’s biggest alleged spam operators has had its entire database of 1.4 billion email addresses leaked online. The discovery was made by MacKeeper researcher Chris Vickery, who shared his findings with Spamhaus and CSO Online.

Vickery says the database belongs to a company called River City Media (RCM), led by Alvin Slocombe and Matt Ferris, who Vickery describes as “known spammers.” The company “masquerades as a legitimate marketing firm,” Vickery adds.

The discovery was made after Vickery said he, “stumbled upon a suspicious, yet publicly exposed, collection of files,” which someone had forgotten to password-protect, meaning anyone could access the list. What Vickery discovered was a database of nearly 1.4 billion email addresses, plus additional physical addresses, IP address and real names, although in much smaller numbers than the email addresses.

The files, which were part of a backup published online without a password to protect it, also included a lot of internal documents, such as Hipchat logs and domain registration records, accounting information and production notes.

However it is the cache of email addresses that is most revealing. It seems they were gathered through credit check offers, sweepstakes and other techniques such as co-registration, where a person signs up for a service and has their email shared with a third-party. In total, RCM had amassed 1.4 billion email addresses and sent out around one billion spam emails every day.

Vickery also detailed the techniques the company used to get around anti-spam measures put in place by email providers. These include “warm-up accounts,” automatically generated and maintained by RCM.

“RCM will send messages for a given campaign to these warm-up accounts, and since they're not generating complaints from these messages (they're not going to complain about themselves after all), the Email Service Provider or affiliate program will mark them as a good sender. Once they have a solid reputation built-up, they're ready to blast the rest of the internet with their offers,” CSO explained.

Vickery shared his discovery with Spamhaus, which maintains a database of companies known to be spammers. Spamhaus has added RCM’s entire infrastructure to its blacklist, putting a stop to their spamming campaign for now.

“The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. Chances are that you, or at least someone you know, is affected,” Vickery added.

What’s Hot on Infosecurity Magazine?