1.37 Billion Email Addresses Leaked Due to Backup Mishap By Alleged Scammers

Media Division | March 8, 2017

Last month, researcher Chris Vickery of MacKeeper had happened to find a backup database containing a combination of files and 1.37 billion email addresses on an unprotected server.  The email addresses were tied to real names, IP addresses, and even physical addresses.

Further Contents of the Database

The breach was unique in that the victim was an alleged spamming front group called River City Media (RCM).  RCM purports themselves as a legitimate marketing group but is apparently a massive spamming operation.  According to their own documentation, they are responsible for sending up to a billion emails a day.  Interestingly enough, the files also appear to have unveiled the secrets of RCM’s spamming operations, including affiliations, accounting notes planning, and techniques for circumventing Gmail’s anti-spam layers.  Vickery describes the technique used for this as a clever variation on the Slowloris DDoS attack.

This massive database is enough ammunition to pursue potential legal repercussions against RCM and it’s founders, should authorities become involved.  It now comes down to where this massive number of email addresses was obtained by the firm, and whose they are.  Apparently, RCM was able to obtain these addresses through various offers, such as “free” gifts, sweepstakes, and education opportunities.  It appears they also employed co-registration, which is where a person’s information is relayed and shared with nameless affiliates after clicking the “submit” or “I agree” buttons on a website.

The question at first was whether this array of data was real.  According to Vickery, this was his first query, but he was able to verify the database by looking up several people he knew and finding that the entries were accurate.  Fortunately, he says that many of the records are outdated and that the individuals no longer reside at those addresses.  A factor of great concern was that the database had been exposed for weeks before being discovered, and could potentially be in several hands.

Protecting Yourself When Browsing Online

It is always important to be cautious about the sites and links that one visits or clicks online.  Scammers like RCM and a variety of other threats lie in wait for individuals to fall into their traps.  There is a cliche that can actually be quite applicable when it comes to perusing the web, and that is: if it looks to good to be true, it probably is.  Scams offering free stuff, sweepstakes, or other similar claims are often simply there to lure the person into giving out personal or financial information.  Legitimate products and services often have various other advertising methods instead of some random ad banner on an uncommon website.  Maintaining a small sense of suspicion online can actually be quite helpful.  If a website seems potentially sketchy, you can always leave or verify it.

The Importance of Cyber Security Intelligence in the Modern Age

With the way that cyber threats have advanced and developed, as well as the fact that hackers and spammers can portray themselves as legitimate companies, it is important to stay proactive and vigilant about cybersecurity.  Threats can be very insidious when it comes to launching attacks.  This is where cyber security intelligence has essentially become a necessity for any organization.  Cyber security intelligence is able to discover patterns and indicators of various threats around the web, and then relay this information to organizations.  This allows them to defend from these threats before they have a chance to attack.  Massive Alliance provides comprehensive cyber security intelligence services which can help to fortify any organization’s security posture.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.