Slashdot Mirror


Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation (betanews.com)

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.

10 of 141 comments

  1. Source article by Anonymous Coward · · Score: 5, Informative
  2. Re:Redundant by Anonymous Coward · · Score: 0, Informative

    by signing up, you've agreed to receive the newsletter

    the ability to remove yourself from their list, after agreeing to receive their emails, is why they don't get fined

  3. Re:Redundant by Obfuscant · · Score: 5, Informative

    You signed up for it when you bought a product or made an inquiry on their site and did not uncheck a box that signed you up for them most-likely.

    That's the lie every spammer uses to justify their garbage. De-selecting the "send me all kinds of email about stuff I don't want" checkbox does nothing.

    If you're still getting it you're just too lazy to unsubscribe.

    I SHOULD NOT HAVE TO UNSUBSCRIBE FROM JUNK EMAIL LISTS THAT I DID NOT SUBSCRIBE TO IN THE FIRST PLACE. THE FIRST PIECE OF SPAM IS STILL SPAM.

  4. Re:BetaNews? by b0bby · · Score: 3, Informative

    The indignant AC didn't post the link, but I assume it's this one:
    http://www.csoonline.com/artic...
    And yeah, it's a way better article.

  5. Re:Redundant by SeaFox · · Score: 3, Informative

    Spam is UNWANTED e-mail.

    No, spam is UNSOLICITED commercial email. When you did whatever action you did on their site to receive it, you solicited them to send it to you as part of it. True spam is from companies you never heard of and never had a business relationship with.

  6. Re:Redundant by Anonymous Coward · · Score: 2, Informative

    That's the lie every spammer uses to justify their garbage.

    Yes, Rule #1, spammers lie; that doesn't mean it isn't a legitimate justification for a lot of commercial email. If I order a pizza on PizzaHut.com, and next week Pizza Hut sends me an email with their weekly special offers, that isn't spam. It isn't mail I particularly want, but it isn't spam. I agreed to receive those emails by joining up with PizzaHut.com.

    Spam is all the completely unsolicited boner pills, home mortgage, weight loss, and other garbage coming from randos who bought or harvested my email address somewhere, like the assholes who are the subject of this article.

  7. Re:Redundant by JoeMerchant · · Score: 4, Informative

    In the 1990s, any acknowledgment of a spam e-mail was an invitation to more SPAM.

    Lately, the unsubscribe links mostly work pretty well. I've been able to maintain the same address for 20 years now and it's still usable, sure it gets SPAM, but with billions of legitimate SPAM targets on the planet today, just knowing that the address is legit isn't enough to make it attractive anymore.

    Also, there are some penalties for not handling "unsubscribe" requests properly, never looked into enforcement and collection, but I'm sure some people have.

  8. Re:Redundant by nobuddy · · Score: 2, Informative

    No need for a service, gmail will do it by default.

    If your address is "mymail@gmail.com" and you are filling out an order from Pizza Hut, use "PizzaHut+mymail@gmail.com"

    now you have a unique one for them that you can block off at any time. With the added benefit of being able to see who sold your email to that spammer.

  9. Re:Redundant by Obfuscant · · Score: 4, Informative

    use "PizzaHut+mymail@gmail.com" now you have a unique one for them that you can block off at any time.

    You don't need to block it off, it will be sent to someone else who already has the "pizzahut@gmail.com" address, with the added benefit of telling them who is using their address to sign up for pizzahut spam.

    Try "mymail+pizzahut@gmail.com".

    Thanks to everyone who thinks I need to know how to avoid this spam, but I already do. I am well aware and a long-time user of RFC 5233 addressing.

  10. Re:Redundant by afidel · · Score: 3, Informative

    other way around, myemail+pizzahut@gmail.com

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
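
The subaddressing discussed in comments 8 to 10, as an added example that is not part of any comment above: it splits a recipient address into mailbox and tag, shows why the tag must follow the mailbox name, and counts mail that arrived on a tag from a sender the tag was never given to. The `ISSUED` map, the `.example` sender domains and the sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Assumption: the sender domain each tag was handed to (constructed values).
ISSUED = {"pizzahut": "pizzahut.example", "shop": "shop.example"}

# Constructed sample messages; only the From and To headers matter here.
SAMPLE = [
    "From: offers@pizzahut.example\nTo: mymail+pizzahut@gmail.com\n\nweekly special",
    "From: deals@bulk-mailer.example\nTo: mymail+pizzahut@gmail.com\n\nunsolicited",
    "From: friend@mail.example\nTo: mymail@gmail.com\n\nhello",
    "From: offers@pizzahut.example\nTo: PizzaHut+mymail@gmail.com\n\nwrong order",
]


def split_subaddress(address, sep="+"):
    """Return (mailbox, tag, domain); tag is None when there is no separator."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an address: {address!r}")
    # Everything before the first separator names the mailbox that receives
    # the mail; everything after it is the tag.
    mailbox, found, tag = local.partition(sep)
    # Lowercased for comparison (assumption: the provider ignores case).
    return mailbox.lower(), (tag.lower() if found else None), domain.lower()


def leaked_tags(raw_messages, owner="mymail"):
    """Count messages sent to a tag by a domain the tag was not issued to."""
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        _, rcpt = parseaddr(msg.get("To", ""))
        _, sender = parseaddr(msg.get("From", ""))
        try:
            mailbox, tag, _ = split_subaddress(rcpt)
        except ValueError:
            continue
        if mailbox != owner or tag is None:
            continue  # untagged mail, or mail for a different mailbox
        if sender.rpartition("@")[2].lower() != ISSUED.get(tag):
            hits[tag] += 1
    return hits


if __name__ == "__main__":
    print(split_subaddress("PizzaHut+mymail@gmail.com"))
    print(dict(leaked_tags(SAMPLE)))
```
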