Database of 1.4 Billion Emails, Addresses Compromised from Spam Network

A well known spamming company spilled its own beans.

1
spam

A database of more than a billion email addresses has been leaked online. The discovery of the database was made by Chris Vickrey, who reported his findings on CSO Online, a security publishing organisation.

spam
Image Source: CSO Online – Partial list of alleged opt-in addresses.

Vickery highlighted that the leaked email addresses are the property of a company called River City Media, a marketing company. Vickery also says that its employees, Matt Ferris and Alvin Slocombe, were the ones to pull this off – accidentally – and that they are well-known spammers.

spam
Image Source: CSO Online – Tier Point logs from River City Media, showing problems inboxing on AOL.

However, Vickery states that the large data dump was discovered when he stumbled across a large collection of files that were laid out in the open. He says they had no password protection on them – meaning anyone could have accessed the list. The list consists of more than 1.3 billion email accounts, which consisted of complete names, physical addresses and IP addresses.

Furthermore, Vickery also told CSO Online that many of the other files he discovered contained River City Media’s internal records, such as office chat logs, websites’ registrations details, financial information and notes related to production.

spam
Image Source: CSO Online – A small example of the domains available to River City Media.
spam
Image Source: CSO Online – Mapped River City Media email campaigns, November 2016.

Vickery says the most interesting thing he discovered was the cache of leaked emails. He says because of further investigations it he concluded that many of the email addresses were gathered through credit check offers, co-registration, sweepstakes and other techniques. Therefore, the analysis showed that the River City Media Company was sending out more than a billion spam emails on a daily basis.

spam
Image Source: CSO Online – Examples of offers emailed by River City Media.

He also told CSO Online about the techniques that River City Media employed to counter anti-spam solutions that were used by the owner of the email. For instance, the River City Media created many fake emails, which were created by them. They would send emails to their fake accounts or warm-up accounts, as Vickery calls them. Once sent to the millions of warm-up accounts, the spam emails were marked as safe. They were ‘washed’ and once they ready, River City Media would ‘email’ them to the rest of the world.

spam
Image Source: SPAMHAUS – A screenshot of the NGO’s website.

Vickrey also shared his findings with an international non-profit organisation called Spamhaus. The NGO’s goals are to track spammers and other related cyber crimes. The NGO is known for maintaining a database of companies that are spammers, and River City Media along with its entire infrastructure is now a part of that list.

Vickery stated that the leaked database of more than a billion emails is a complex threat to the users that poses a threat to both their online lives and real lives as well.

spam
Image Source: CSO Online – A brief overview of RCM’s operations.

Source: The Hacker News, CSO Online


This article (Database of 1.4 Billion Emails, Addresses Compromised from Spam Network) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.


Supporting Anonymous’ Independent & Investigative News is important to us. Please, follow us on Twitter:

CLICK HERE TO SUPPORT US VIA PATREON

Get Your Anonymous T-Shirt / Sweatshirt / Hoodie / Tanktop, Smartphone or Tablet Cover or Mug In Our Spreadshirt Shop! Click Here

 

1 COMMENT

  1. I think you can consider “Spambook” a.k.a “Facebook as the social network the most spammed of all time. You can even spam your friends without asking! How good is a social network base on sex ? Everyone can sell anything. And Google is not like before. You can’t even get any driver or any kind of specific product without tons of links to virus. Google is dead. The only purpose of Google now is to type an addess without the .com and get the link. In fact it’s a parasite cracking the web with only the worst to display. We are at the end of a period. New thinks should come and revitalize the web and the social purpose.

LEAVE A REPLY

Please enter your comment!
Please enter your name here