Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation (betanews.com)

Posted by msmash on from the boom dept.

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.

4 of 141 comments (clear)

  1. Source article by Anonymous Coward · · Score: 5, Informative

    Vickery's own writeup is here.

  2. Re:Redundant by Obfuscant · · Score: 5, Informative

    You signed up for it when you bought a product or made an inquiry on their site and did not uncheck a box that signed you up for them most-likely.

    That's the lie every spammer uses to justify their garbage. De-selecting the "send me all kinds of email about stuff I don't want" checkbox does nothing.

    If you're still getting it you're just too lazy to unsubscribe.

    I SHOULD NOT HAVE TO UNSUBSCRIBE FROM JUNK EMAIL LISTS THAT I DID NOT SUBSCRIBE TO IN THE FIRST PLACE. THE FIRST PIECE OF SPAM IS STILL SPAM.

  3. Re:Redundant by JoeMerchant · · Score: 4, Informative

    In the 1990s, any acknowledgment of a spam e-mail was an invitation to more SPAM.

    Lately, the unsubscribe links mostly work pretty well. I've been able to maintain the same address for 20 years now and it's still usable, sure it gets SPAM, but with billions of legitimate SPAM targets on the planet today, just knowing that the address is legit isn't enough to make it attractive anymore.

    Also, there are some penalties for not handling "unsubscribe" requests properly, never looked into enforcement and collection, but I'm sure some people have.

  4. Re:Redundant by Obfuscant · · Score: 4, Informative

    use "PizzaHut+mymail@gmail.com" now you have a unique one for them that you can block off at any time.

    You don't need to block it off, it will be sent to someone else who already has the "pizzahut@gmail.com" address, with the added benefit of telling them who is using their address to sign up for pizzahut spam.

    Try "mymail+pizzahut@gmail.com".

    Thanks to everyone who thinks I need to know how to avoid this spam, but I already do. I am well aware and a long time user of RFC5233 addressing.