recommended reading

Threatwatch

Major Spammer Leaks Its List of 1.34 Billion Email Addresses

Misplaced data

A security researcher found a major spam organization’s database of more than 1.34 billion email addresses and details about the network it operates.

Listed on the Register of Known Spam Operations, River City Media basically exposed its database of future spam recipients because of a misconfigured backup. The database includes email addresses, full names, IP addresses and some physical addresses, according to Mackeeper Security Researcher Chris Vickery, who discovered it and then shared the information with Salted Hash, spam-tracking organization Spamhaus and law enforcement.

“Imagine the privacy and legal implications here. Law enforcement agents normally have to go through a subpoena process before a service provider will hand over the name behind an IP address or account. This list maps out 1.4 billion,” Vickery wrote on his blog.

The leak also exposed River City Media’s chat log, emails and how it ran day-to-day operations. Salted Hash dives into the techniques used, including a set up with 2,199 IP addresses, 60, IP blocks, 140 active DNS servers the company rotates, 100,000 domains it used for campaigns and tens of thousands of email accounts from Gmail, Hotmail, AOL and Yahoo. 

sector

Web Services

reported

March 6, 2017

reported by

CSO Online

number affected

1.34 billion

location of breach

Unknown

perpetrators

Employee

location of perpetrators

Unknown

date breach occurred

2017/01

date breach detected

2017/02